Researchers have linked a new sample of the worm with the previously detected trojan Trojan.Milicenso.
Symantec has reported the detection of malicious program that uses a network printer for unauthorized printing of unnecessary documents.
According to researchers, the worm, dubbed W32.Printlove, exploits a vulnerability to insufficient access restrictions to the service of printing in Microsoft Windows CVE 2010-2729, discovered in 2010.
According to the researchers discovered a worm W32.Printlove uses a similar scheme. The worm sends a request to print an infected computer, creating a print queue% SystemRoot% \ system32 \ spool \ printers your copy with an arbitrary name, adding the extension. Spl.
An infected computer is perceived to create a file in the print queue as a task, and passes the command of the task network printer.
Symantec Experts have noted that the virus is periodically repeated attempts of infection, so that unauthorized printing may continue for as long as the malware is removed from all computers connected to the LAN.
Note that at the end of last month, experts have reported the appearance of the Trojan Trojan.Milicenso, which gets unauthorized access to the victim and the printer prints out the unnecessary and meaningless documents.
If you compromise a system virus Adware.Eorezo network printers print indistinct text as long as they do not end paper.
Symantec has analyzed Adware.Eorezo, one of the modifications of Trojan Trojan.Milicenso, as a result of which all network printers to print the text incomprehensible as long as they do not end paper. According to experts, the most widespread malicious program has received in the U.S. and India, as well as in several regions of Europe and South America.
The virus infects the system Adware.Eorezo and multiple ways, including sending messages with malicious attachments, as well as placement on web-sites specially crafted scripts. It is also not uncommon for this program in the presence of spurious packets of multimedia codecs.
It creates and executes a file dropper, which in turn creates a library file in one of the system directories of Windows.
The main part of the created file library uses a complex encryption mechanism, which greatly complicates the analysis. The key to the cipher is also encrypted, and is used to obtain it is unique for each of the affected machine value. In the example, which leads experts Symantec, the key used to decrypt the value of a length of 16 bytes. Trojan.Milicenso also uses a number of techniques for determining the place of execution (the virtual environment, a user’s system, sand, etc.)
If the virus determines the performance in a sandbox environment, triggers a protective mechanism to hide the existence of a threat. Thus, in the case of Adware.Eorezo, protective gear is not expressed in concealing their own activities, but only in the activation of additional functions, such as contact with certain sites.