(work in progress -- will get updated eventually)
There are many aliases from different A/V vendors, as previously mentioned on my blog
(Ponmocup, Pirminay, Kryptik, Swisyn, Vundo, Monder, Virtumonde/Virtumondo etc.).
The one used most often lately is "Trojan.Milicenso" by Symantec, which has a good blog post and detection description about it.
It has been around since at least 2009, not just 2010 as mentioned in several places.
Update 2012-08-13: some more related posts have been published since my original post:
2012-07-04: Symantec blog "Trojan.Milicenso: Infection through .htaccess Redirection"
2012-07-02: Symantec blog "Printer Madness: W32.Printlove Video"
2012-06-25: ComputerWorld article "Malware infection forces printers to print garbled data"
2012-06-25: ITWorld "Printer malware – Wingdings gone wild"
2012-06-23: The Hacker News "Trojan.Milicenso - Printer Trojan cause massive printing"
2012-06-22: ZDNet "Thousands of office printers hit by 'gibberish' malware"
2012-06-22: Bloomberg Tech Blog "When Hackers Fumble: ‘Printer Bomb’ Noisily Announces Attack"
2012-06-22: NET-Security "Trojan infection triggers massive printing jobs"
2012-06-21: Ars Technica "Printer bomb malware wastes reams of paper, sparks pandemonium"
2012-06-21: SANS ISC diary "Print Bomb? (Take 2)"
2012-06-21: Symantec blog "Trojan.Milicenso: A Paper Salesman’s Dream Come True"
2012-06-14: Symantec KB article "Malware is causing network printers to print random ASCII characters"
2012-06-13: McAfee Threat Advisory "Vundo"
2012-06-08: SANS ISC diary "Print Bomb?" (see also comments)
2012-06-08: Symantec forum thread "Print server gone wild"
2012-06-07: McAfee community forum thread "Printer Virus?"
2012-06-03: c-APT-ure blog post "Introducing Ponmocup-Finder"
2012-05-16: Sophos detection "Troj/Ponmocup-F"
2012-04-27: c-APT-ure blog post "Hunting Ponmocup Botnet"
2012-04-13: Collection of my tweets on Storify "A/V failed for Ponmocup malware!?"
2012-04-08: IOC on ForensicArtifacts.com "Ponmocup IOC released"
2012-03-08: c-APT-ure blog post "Ponmocup, lots changed, but not all"
2012-02-20: Ponmocup analysis page created "Why so many diff A/V detections?"
2012-02-18: c-APT-ure blog post "Not APT, but nasty malware (Ponmocup botnet)"
2011-11-15: Mandiant forum thread started "IOC request for Ponmocup malware (botnet)"
2011-05-30: created web page "Collection of links related to the Ponmocup botnet"
2011-05-23: Abuse.ch blog "How Big is Big? Some Botnet Statistics"
2011-04-22: TrendMicro detection "TSPY_PIRMINAY.A"
2011-04-21: Malware Survival "Media Site Pimping Malware"
2011-04-20: Sophos detection "Mal/Ponmocup-A" (detailed analysis of 3 samples)
2010-12-06: SPAMfighter news: "New Trojan Blocks Access To Bittorrent Websites: Webroot"
2010-11-25: Softpedia news "The Pirate Bay and Mininova Blocked by Mysterious New Trojan"
2010-11-24: Webroot blog "Troublesome Trojan Trammels Torrent Sites"
2010-07-14: Symantec detection created "Trojan.Milicenso"
2010-06-04: Microsoft MPC Encyclopedia entry "TrojanDownloader:Win32/Ponmocup.A"
2010-03-19: Sophos detection "Troj/Mdrop-CLC"
2009-12-30: Microsoft MPC Detection initially created "TrojanDropper:Win32/Ponmocup.A"
2009-11-22: Microsoft MPC Detection initially created "TrojanDownloader:Win32/Ponmocup.A"
Please report any broken (or obviously wrong) links, thanks.
Feedback and questions are welcome!
@c_APT_ure