[Dshield] Known instances of malware using printers as an attack vector?

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Tue Feb 27 21:39:00 GMT 2007

On Tue, 27 Feb 2007 13:21:18 CST, ed.truitt at etee2k.net said:
> I have been asked to look into whether our network printers present a  
> level of risk to the network that is higher than has been the case in  
> previous years.

A higher *actual* level of risk, or did you just realize that you've been
leaving the back door of the house unlocked all these years?

(Serious question, that - people are *very* bad at estimating the difference
between perceived and actual risks)

> * Malware (of whatever type) that actually attacks printers, or uses a  
> vulnerability found on a network printer to propogate

Most of what I've seen has been printers that have embedded Windows systems
for control boxes getting whacked by generic Windows exploits, although the occasional printer's hard drive intended
for queueing jobs gets turned into an anonymous FTP warez server.

Another problem is when printers that have their own custom operating system
that understands Microsoft networking get hit with scanners looking for
known Windows holes, and they fall over when they see the exploit packet.

> * An increase in vendor disclosures of vulnerabilities in their  
> printing products, and specifically an increase in the number of  
> security fixes (patches) issued for printer-related vulnerabilities

Vendor disclosures? No, by and large they Just Don't Get It yet.  You might
want to rephrase the question to be disclosures in general, to include the
cases where a 3rd party releases the advisory.

(For that matter, it's the rare printer manufacturer that even realizes that
the software in the printer is software, and that customers might actually
want to apply patches once in a while).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.sans.org/pipermail/list/attachments/20070227/a318c409/attachment.bin 

More information about the list mailing list