"printer Bomb" Spread Using Compromised .htaccess Files

snoopy · Jul 5, 2012

5 July 2012, 13:19
"Printer Bomb" spread using compromised .htaccess files

Source: Symantec Compromised .htaccess files on web servers allowed the "Printer Bomb" trojan to spread, says a Symantec researcher. The "Printer Bomb" trojan, named Trojan.Milicenso by Symantec, was notable for creating massive print jobs full of garbage characters that made printers run out of paper. The security company's initial investigations revealed malware exhibiting the common pattern of spreading either through malicious email attachments or through web sites hosting malicious scripts, and designed for delivering different payloads.

But further investigation has revealed that the malware uses modified .htaccess files on compromised web sites to silently send users to download the Milicenso malware. .htaccess files are used on web servers to help control access to directories and their contents on a per directory basis. They are also capable of rewriting URLs and redirecting browsers and it is this capability that the malware authors have been making use of. By uploading their own .htaccess file to servers, visitors to the compromised server can be silently sent to the malware author's site where trojans can be downloaded and installed.
Click to expand...

Read more plus Symantec's diagram of .htaccess redirection Zoom http://www.h-online.com/security ews/item/Printer-Bomb-spread-using-compromised-htaccess-files-1632779.html

Log in or Sign up

"printer Bomb" Spread Using Compromised .htaccess Files

snoopy Registered Members

Share This Page

Log in or Sign up

"printer Bomb" Spread Using Compromised .htaccess Files

snoopy Registered Members

Share This Page

Useful Searches