Press Releases

Browse our press release archive

11 May 2006

Crazy owl preys on network printers, Sophos reports on Hoots worm

The worm tries to send pictures of an owl to attached network printers
The worm tries to send pictures of an owl to attached network printers.

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have discovered a worm that attempts to send a photograph of an owl to attached network printers.

The W32/Hoots-A worm is written in Visual Basic and spreads via network shares. Once it has infected a computer it attempts to send a graphical image of an owl with the legend "O RLY?" to a number of predefined print queues.

"This isn't the work of a professional virus writer. Most malware authors these days encrypt their executables with packers in an attempt to make them harder to detect, this one does not. It is also written in Visual Basic, which is unusual for a virus today. But the smoking gun is that the worm has hardcoded within it the specific network paths to almost 40 different printers," said Graham Cluley, senior technology consultant for Sophos. "It appears this malware was written for a specific organization, by someone who had inside knowledge of their IT infrastructure."

The phrase "O RLY?" is internet slang for "Oh really?", and is often accompanied by a picture of a snowy white owl.

"Why the author should want to print out pictures of an owl is, of course, anybody's guess," continued Cluley.

Sophos has only received reports of the malware from one customer, and is working with the organization to provide more information which may help identify the creator of the worm.

Sophos recommends companies put in place a consolidated solution to defend against viruses, spyware and spam, and ensure that it is automatically updated as new threats emerge.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.