14 DAY TRIAL // Symantec experts have further analyzed Trojan.Milicenso, the malware that makes printers print garbage characters until they run out of paper. They've determined that the threat actually spreads via .htaccess redirection web attacks.
So far, around 4,000 websites from 90 different countries have been compromised in the scheme.
The .htaccess file is normally utilized by web administrators to redirect traffic based on certain conditions or restrict access to certain pages, but the cybercriminals behind Milicenso have turned these functions to their advantage.
When a victim accesses a hijacked website, the webserver redirects him/her to a malicious site based on .htaccess. This malicious site is the one from which the malware is actually downloaded.
The file also allows the crooks to filter out users who don’t utilize Windows, non-popular browsers, and those who access the site via search engine results or email.
Webmasters who find suspicious .htaccess files on their sites must delete and replace them with a clean backup.