Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
  • Email Subscription

  • About Us

    Spammers might be having another avenue for troubling Internet users. According to security researcher Adam Weaver, network printers could be hijacked and used by spammers to distribute whatever unwanted information they intend to give out.

    A little-known facility in Web browsers, which Weaver calls “cross site printing”, can be used by a malicious user to launch a print job on a printer on an affected user’s network. All it takes is a visit to a malicious Web page, and the spamming activities through network printers could commence.

    Besides printing annoying messages, the malicious Web site is seen as capable of discharging potentially more dangerous commands, sending fax messages for instance if the device is available, formatting a printer’s hard drive, or downloading firmware.

    Just an iframe added to a Web site could set off a network printer to start printing remotely, Weaver adds. Only network printers would be vulnerable to spamming through this means; printers plugged directly to a PC would not be at risk.

    This discovery would be unprecedented, as an attack such as this has never been demonstrated before. Researchers agree that this could very well increase possible attacks using local area connections.

    The solution to this problem lies on both browser and printer security. Mozilla, for instance, blocks ports that are linked to known system vulnerabilities. However, many ports are still left open. Weaver, at then end of his paper, volunteers some valuable tips in keeping network printers secure: administrator passwords should be set on printers and access it should be restricted so that the printer accepts only print jobs from a centralized print server.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice