RE: Nimda affecting HP LaserJet / JetDirect devices?

[Richard.Grant () mail state ky us]

We have no less than 20 Lexmark printers that were infected. In every case
they did not have up-to-date firmware. This started with Code Red and has
continued with Nimda. There are some notible differences though, Code Red
just started the printers sending out large quantities of packets. The Nimda
infected machines are searching for Web servers. In both cases upgrading the
firmware and restarting the printer has solved the problem. So far we have
not had any of our HP's infected by Nimda as they were by Code Red. This is
what we have found..

-----Original Message-----
From: Michael W. Shaffer [mailto:shaffer () labs agilent com]
Sent: Friday, September 21, 2001 1:36 PM
To: incidents () securityfocus com
Subject: Nimda affecting HP LaserJet / JetDirect devices?


We are starting to get reports here from various users around our
site that our HP network printers are displaying strange messages
such as 'Good Morning', 'Nimda Live', and 'Kill Trees'. Has anyone
else noticed this behavior? Any information on what vulnerability
is being exploited here or whether this is the same Nimda agent as
that propagating across Windows platforms would be greatly
appreciated.

[ Michael W. Shaffer                            Agilent Labs RCS ]
[ email: shaffer () labs agilent com         phone: +1 650.485.2955 ]
[ public key: http://alcatraz.labs.agilent.com/shaffer/publickey ]



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com