New worm triggers trash print jobs through patched PC

More malware accidentally causes garbage print jobs.

Researchers at Symantec have discovered a second worm in as many weeks that is causing printers to spew garbage printouts.

The worm exploits the Windows print spooler service vulnerability (CVE 2010-2729). While the flaw is being used to infect unpatched machines, it is also causing devices with the relevant patch to submit print jobs containing garbled text. Symantec has labelled the worm W32.Printlove.

“Garbage printing is a side effect experienced by hosts who are patched against CVE 2010-2729 but are attacked by W32.Printlove,” said Symantec threat analyst Jeet Morparia.

Symantec has received “several customer issues about garbage being printed on their network printers,” according to Morparia.

The flaw, for which Microsoft issued a patch in 2010, allows any file transferred through the print spooler to be copied to any directory on a network.

The worm uses that flaw to infect unpatched PCs, however, when it reaches a patched PC, instead of writing files to any directory as it is intended to, it saves a .spl (print spooler) file to that machine’s print spooler directory.

The device will then print the .spl file on a printer that is shared with the infected machine, Morparia explained.

In early June, organisations in the US, India and Europe began reporting that networked printers were spewing “garbled” text and later that month Symantec pinned those incidents on the “Millicenso” trojan.

Like Printlove, the unwanted print jobs were a side effect, but in the case of the Millicenso trojan the print jobs were the result of its efforts to remain hidden from antivirus engines.

“If you have seen junk like this being printed, someone on your network might be infected with W32.Printlove,” explains Symantec threat analyst Jeet Morparia.

Image credit: Symantec.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

More about etworkMicrosoftSymantec

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

More videos

Blog Posts