RE: Nimda affecting HP LaserJet / JetDirect devices?

From: auto241065at_private
Date: Fri Sep 21 2001 - 18:02:35 PDT


    You guys are pulling my leg, right?
    
    How the heck does it infect a printer? I was under the impression that Code Red and Nimda "infected" Windows operating systems. I've heard the volume of traffic created could DoS devices like printers that used HTTP for management. I thought the original poster was either joking or the victim of a practical joke, but after a second post I must be the butt of the joke.
    
    ----- Original Message -----
    >From: Richard.Grantat_private
    >To: shafferat_private, incidentsat_private
    >Subject: RE: Nimda affecting HP LaserJet / JetDirect devices?
    >Date: Fri, 21 Sep 2001 15:42:07 -0400
    >
    >We have no less than 20 Lexmark printers that were infected. In every case
    >they did not have up-to-date firmware. This started with Code Red and has
    >continued with Nimda. There are some notable differences though, Code Red
    >just started the printers sending out large quantities of packets. The Nimda
    >infected machines are searching for Web servers. In both cases upgrading the
    >firmware and restarting the printer has solved the problem. So far we have
    >not had any of our HP's infected by Nimda as they were by Code Red. This is
    >what we have found.
    >
    >-----Original Message-----
    >From: Michael W. Shaffer [mailto:shafferat_private]
    >Sent: Friday, September 21, 2001 1:36 PM
    >Subject: Nimda affecting HP LaserJet / JetDirect devices?
    >
    >We are starting to get reports here from various users around our
    >site that our HP network printers are displaying strange messages
    >such as 'Good Morning', 'Nimda Live', and 'Kill Trees'. Has anyone
    >else noticed this behavior? Any information on what vulnerability
    >is being exploited here or whether this is the same Nimda agent as
    >that propagating across Windows platforms would be greatly
    >appreciated.
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Sat Sep 22 2001 - 11:44:34 PDT