Symantec Warns About Milicenso Trojan!

Researchers at the security software company Symantec are warning about a Trojan named Milicenso, which poses a threat to a million users worldwide. The Symantec blog reported that the Trojan commands print servers to print garbage files until they run out of paper. It also said that the Trojan was first found in 2010 and that the printing may not be intentional but a side effect. Milicenso spreads in numerous ways and is mostly associated with an adware program called Adware Eorezo, which is designed to target French users. India, the US, and a few countries in Europe and South America are affected by it.

The Symantec blog also said: Trojan.Milicenso may arrive on a compromised computer by various means, such as malicious email attachments or visiting websites hosting malicious scripts. The latter often unintentionally occurs when a user clicks a link in an unsolicited email. We have also encountered quite a large number of samples that appear to be packaged as a fake codec. The Trojan creates and executes a dropper executable, which in turn creates a DLL file in the %System% folder. The dropper executable then deletes itself. It even checks to confirm if it’s not executing in a sandbox. The threat also performs Eorezo adware activities to withdraw attention from itself to stop analysis.

Here is a list of the files created by the Trojan:

%System%\[RANDOM FILE NAME].exe

%ProgramFiles%\[EXISTING FOLDER NAME]\[RANDOM FILE NAME].exe

%Temp%\[RANDOM FILE NAME].exe

%System%\[RANDOM FILE NAME].dll

%ProgramFiles%\[EXISTING FOLDER NAME]\[RANDOM FILE NAME].dll

%Temp%\[RANDOM FILE NAME].dll
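
Because the file names are random, the list above cannot be matched by name. What can be hunted is the behaviour described earlier: an executable in one of these folders writes a DLL into one of them, and then its own file is deleted. The following is an added example, not code from Symantec or from this article; the event tuple layout, the expanded folder paths, the five-minute window and the function name are assumptions made for illustration.

```python
import re

# Folders from the article's file list, as regexes over expanded Windows paths.
# Assumed expansions: %System% = C:\Windows\System32, %Temp% = a user's
# AppData\Local\Temp, %ProgramFiles%\[EXISTING FOLDER NAME] = one subfolder deep.
LOCATIONS = "|".join([
    r"c:\\windows\\system32\\[^\\]+",
    r"c:\\users\\[^\\]+\\appdata\\local\\temp\\[^\\]+",
    r"c:\\program files(?: \(x86\))?\\[^\\]+\\[^\\]+",
])
EXE = re.compile(r"(?:%s)\.exe" % LOCATIONS, re.I)
DLL = re.compile(r"(?:%s)\.dll" % LOCATIONS, re.I)

# Constructed file events: (epoch seconds, action, acting process image, target file)
SAMPLE_EVENTS = [
    (100, "create", r"C:\Users\amy\AppData\Local\Temp\qzkv.exe",
                    r"C:\Windows\System32\hbtw.dll"),
    # The deleting process need not be the dropper itself, so only the target counts.
    (104, "delete", r"C:\Windows\System32\cmd.exe",
                    r"C:\Users\amy\AppData\Local\Temp\qzkv.exe"),
    # An installer that writes a DLL but stays on disk: not a match.
    (200, "create", r"C:\Program Files\Vendor\setup.exe",
                    r"C:\Program Files\Vendor\core.dll"),
    # An unrelated deletion outside the listed folders: not a match.
    (950, "delete", r"C:\Windows\explorer.exe", r"C:\Users\amy\Downloads\old.exe"),
]

def find_self_deleting_droppers(events, window=300):
    """Return (dropper, dll) pairs where an EXE in a listed folder wrote a DLL to a
    listed folder and the EXE's own file was deleted within `window` seconds."""
    drops, hits = [], []
    for ts, action, actor, target in sorted(events):
        if action == "create" and EXE.fullmatch(actor) and DLL.fullmatch(target):
            drops.append((ts, actor, target))
        elif action == "delete":
            for t0, dropper, dll in drops:
                # Windows paths are case-insensitive, so compare lowercased.
                if dropper.lower() == target.lower() and ts - t0 <= window:
                    hits.append((dropper, dll))
    return hits

if __name__ == "__main__":
    for dropper, dll in find_self_deleting_droppers(SAMPLE_EVENTS):
        print("review:", dropper, "dropped", dll, "and was then deleted")
```

Legitimate self-extracting installers can show the same sequence, so a hit is a lead for triage rather than a verdict.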

The report further said, “We continue to analyze new samples related to this threat and will update our protection coverage as needed. Even as we go to press with this report, we have just learned that SANS have posted further information about a new variant of Trojan.Milicenso. This variant has been modified with garbage padding in the executable designed to help it avoid detection. This goes to show the malware authors are still hard at work trying to spread their warez. Rest assured we are just as determined to stop them. As always, be sure to follow best security practices, and keep your security product updated with the latest definitions.”