It sounds like a throwback to the 1980s, but security company Sophos has reported the existence of a new "prank" worm that hijacks network print queues to perform a uniquely ludicrous stunt -- it attempts to print a large picture of an owl.
According to Sophos, the W32/Hoots-A worm was written to target a single customer, using detailed knowledge of that company's print queues. It could not successfully target other companies for that reason.
Overlaid on the picture of the owl is the phrase "O RLY?", short for "Oh really?", an abbreviation popular on the Internet. This phrase is often, though not always, associated with the image of an owl for reasons probably worthy of a sociological dissertation.
It's all very fishy, and out of its time. Prank programs are supposed to be from the early days of viruses in the late 1980s and early 1990s, written for fun more than profit. There could be a serious side to this one, however.
"We think this is something that has been written for a specific company as an inside job," said Graham Cluley of Sophos.
"This isn't the work of a professional virus writer. Most malware authors these days encrypt their executables with packers in an attempt to make them harder to detect, this one does not. It is also written in Visual Basic, which is unusual for a virus today."
The worm contained hard-coding to hit a total of 40 different print queues within the unnamed company, he confirmed.
Details are sparse, but the worm is known to comprise two executables. Once it has found a PC to infect, a link to one of these is installed under the Windows start menu.
Despite the probably humorous intention behind this piece of prankware, it will be seen by some in the industry as another example of the increasingly targeted nature of malware.
It also raises the possibility that printers could be targeted by other worms or Trojans, requiring companies to look at how they should protect such assets from abuse. There is no reason, in principle, why a worm that directs a printer to print a picture of an owl could not be adapted to print confidential information as well. All that would be required is inside information on print queues.