Security Researchers: Recent Rogue Printing Incidents Linked to Second Malware Program

The propagation routine of the W32.Printlove worm can cause the printing of useless data, Symantec researchers say.
By Lucian Constantin
News Jul 4th 2012

A computer worm that propagates by exploiting a 2010 Windows vulnerability is responsible for some of the recent incidents involving network printers suddenly printing useless data, according to security researchers from Symantec.

Many companies have reported unauthorized printing incidents in recent weeks, prompting antivirus firms to investigate the possible causes.

On June 21, Symantec reported that the rogue printouts were the result of computers being infected with a Trojan program called Trojan.Milicenso.

However, the company's researchers have since determined that the propagation routine of a separate piece of malware, a worm called W32.Printlove, can cause similar problems, Symantec researcher Jeet Morparia said Monday in a blog post.

W32.Printlove infects other computers on the local network by exploiting a remote code execution vulnerability in the Microsoft Windows Print Spooler service that was patched in September 2010. Identified as CVE-2010-2729, this vulnerability was also exploited by the Stuxnet industrial sabotage worm to spread.