We have no less than 20 Lexmark printers that were infected. In every case they did not have up-to-date firmware. This started with Code Red and has continued with Nimda. There are some notible differences though, Code Red just started the printers sending out large quantities of packets. The Nimda infected machines are searching for Web servers. In both cases upgrading the firmware and restarting the printer has solved the problem. So far we have not had any of our HP's infected by Nimda as they were by Code Red. This is what we have found.. -----Original Message----- From: Michael W. Shaffer [mailto:shafferat_private] Sent: Friday, September 21, 2001 1:36 PM To: incidentsat_private Subject: Nimda affecting HP LaserJet / JetDirect devices? We are starting to get reports here from various users around our site that our HP network printers are displaying strange messages such as 'Good Morning', 'Nimda Live', and 'Kill Trees'. Has anyone else noticed this behavior? Any information on what vulnerability is being exploited here or whether this is the same Nimda agent as that propagating across Windows platforms would be greatly appreciated. [ Michael W. Shaffer Agilent Labs RCS ] [ email: shafferat_private phone: +1 650.485.2955 ] [ public key: http://alcatraz.labs.agilent.com/shaffer/publickey ] ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Sep 21 2001 - 13:22:48 PDT