[Dshield] Known instances of malware using printers as an attack vector?

TheGesus thegesus at gmail.com
Wed Feb 28 16:06:52 GMT 2007

This ftp printer attack sounds interesting....


According to the author it can make certain HP printers unusable.  As
in DEAD.  Not even a power cycle revives them.  I never heard a
followup on that one.

If you have a Big Ass Xerox Printer printing your payroll/bills/etc,
chances are it has a Sun box attached to it that has never seen a
security patch.

nmap can often use a printer for an Idlescan...


Although it doesn't involve printers directly, there was also lately
an HP print driver that offers near-instant privilege escalation to


We found it on over 170 workstations and 20 servers (in a 4000 user

On 2/27/07, ed.truitt at etee2k.net <ed.truitt at etee2k.net> wrote:
> I have been asked to look into whether our network printers present a
> level of risk to the network that is higher than has been the case in
> previous years.  In order to answer that question, I was wondering if
> anyone has solid evidence of the following:
> * Malware (of whatever type) that actually attacks printers, or uses a
> vulnerability found on a network printer to propogate
> * An increase in vendor disclosures of vulnerabilities in their
> printing products, and specifically an increase in the number of
> security fixes (patches) issued for printer-related vulnerabilities
> TIA for any assistance you can provide.
> ~Ed T.
> _________________________________________
> SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses
> taught by our top rated instructors plus a huge vendor tools expo.
> Register Today! http://www.sans.org/info/2501 (BROCHURECODE: ISC)

More information about the list mailing list