Thousands of office printers hit by "gibberish" malware

Thousands of office printers hit by "gibberish" malware

Summary: What's been dubbed as a "paper salesman's dream come true," thousands of printers worldwide are spewing out garbled content as a result of a malware infection.


Thousands of office printers from large businesses around the world are churning out page after page of gibberish and wasting vast reams of paper.

For once it seems malware is to blame.

Dubbed "Trojan.Milicenso," it has been described by security researchers as a malware delivery vehicle "for hire" through its repeated use since it was first discovered in 2010, according to security firm Symantec.

The worst hit appear to be large companies in the U.S., India, northern Europe --- including the U.K. --- and South America.

Symantec said there were a number of ways the malware can find its way onto PCs, including opening a malware-laden email attachment, through a compromised website, or posing as fake video codecs.

Once the malware is opened, it redirects the user to pages to serve up adverts; a common way for malware writers to generate quick revenue.

But one of the apparent "side effects" of the malware affects printers.

The malware unpacks a file in a PCs printer queue, which Windows then turns into a print job. Because these files aren't readable to ordinary folk without special tools, it churns out incomprehensible gobbledegook, and doesn't stop until the printer runs out of paper, disconnected from the power supply, or is attacked by a peeved systems administrator with an axe.

It's like dragging a system file into a plain-text editor: most of the time you'll see garbage.

If your corporate printers are seemingly spewing out incomprehensible rubbish --- it's either an overworked intern who's fallen asleep at the keyboard --- or more likely a malware infection.

Image credit: Ricky Leong/Flickr.


More from Zero Day:

Topics: Hardware, Printers, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Printers under attack

    There are already published reports where network printers and print spooler service are attacked just to gain access to the server. A good example is in a research paper already published recently in Kaspersky website:

    They should rename this malware, the anti-green malware, as this malware is not environment friendly by wasting reams of bond papers.
  • Seems like...

    ...DC and Wall St analysts have had this bug for years.
    • True!

      Lawyers filing patent infringement lawsuits have also been bitten by this bug!
      • RE: Lawyers filing patent infringement lawsuits..

        Quote: [i]Lawyers filing patent infringement lawsuits [s]have also been bitten by[/s][u]are the source of[/u] this bug!
    • Re: Seems like...

      Awesome, just Awesome!!

      Thanks for the laugh!
  • Yeah, but the lawyers deserve the headache!

    Q: What do you call 100 skydiving lawyers?

    A: Skeet...
    Soapy Buoy
  • LOL

    I experienced this firsthand, but as someone stuck waiting for a proper printout, not as a directly infected victim. And there I was thinking that I was just having another Office Space moment: "Yeah, go ahead and do THAT!" It was a very persistant print job, only 2 or 3 lines of wingdings per page. Could not cancel it from the printer, had to go admin on it. What will they think of next?
  • Printer pranks

    I remember there used to be a bunch of ASCII commands you could send to HP printer that made them do wierd things. The one I liked best was the one that would make the LCD read Strawberry Jam. ;) Ahhh the good ol days.
  • Sensationalist Reporting

    I've seen this many times before. Nothiong new here. Usually it is caused by a user attempting to print a system file, or a binary file. Guess what? The printer spits out page after page of garbage. And the user panics because they don't know how to cancel a print job. so, before I'll believe this story, show us the code, show us reports fom anti-vir software and from professional tech support staff.
    • Oh C'mon WCarlS,

      Zack did supply a link to follow, that shows exactly what you're asking for. I take it by your post however, you didn't even bother to try...

      While there are many times I feel some of Zack's blogs have hidden agendas, he does usually provide links to back up stories like this. Try reading thoroughly before coming down on someone.

      You may find it enjoyable and perhaps could extend your knowledge base.

      • Hidden agenda?

        I wouldn't even say they're hidden -- if at all. I'd say I'm pretty up front about the topics I cover, and have no qualms about facing subjects pretty much head on. Would you like to give an example (or a few)?

        Thanks for the comment -- Zack.
  • The Evil That Men Do...

    Poor bloody old Windows.

    When they created this sad crap with it's registry, and initially insecure modes, they really had no idea how they would fund both malware makers and malware fighters into giant industries that would rival Microsoft itself in reach and income. It just seemed a good idea at the time.
    • Nah mate

      Didn't you know that it's all a *nix/Apple/Google/IBM conspiracy. Windows projects rainbows and soothing music. It does no wrong and is perfect as it was from its first day gracing this planet.

      What people think are patches and service packs merely update the colour palette and sound system so that you are reassured that all is well and nothing is amiss.
    • The registry came from

      DEC VMS and the verb table. Even then, a tiny mistake in adding a verb to the table would crash the entire operating system.

      IBM -> HAL VMS -> WNT
      Tony Burzio
  • The first time I saw this one was...

    in 1980 on a DEC TOPSystem 20. The boffins learned how to send a message to all the teletype terminals that would spit out the entire box of paper from under the machine. Back then all you needed was ^L to eject the page. The old 5 machine cluster was so unstable that EMACS was written so that we would have an auto-saving editor on the VT52. Yep, by Gosling, the JAVA guy...
    Tony Burzio
  • Printer Malware

  • The PCs are hit by malware, not printers, right?

    I don't understand how the story supports the title. Here's what I got from the story:
    1) PC is infected by the Trojan.Milicenso virus
    2) Malware unpacks a file in a PCs printer queue
    3) Windows then turns the file into a print job
    4) As a print job, these files are incomprehensible gobbledegook, just like a system file would be if opened in a plain-text editor, and was then printed.

    The printer is simply doing what the infected PC told it to do. The problem is with the infected PC, yet the title of the article implies that the printers are infected by a virus.
    Furthermore, the photo is not related to this story at all. It's from a 2008 event when a printer came up with a funny message (probably a debug message in the FW) which was cleared by a reboot. (click the link: Image credit: Ricky Leong/Flickr to see the story)

    To me, this article is misleading. It seems to play off of the recent concerns about whether printer FW is secure, or could be hacked. Am I missing something here?
    d a johnson