your printer can infect your entire network of malware because of the driver. Usually, manufacturers do not write the codes for the drivers securely, hence it is exploitable. That added with the fact that Anti Virus on your PC rarely scan printer drivers, or network based AV rarely scan printers, hence the outbreak.

Also, plus the fact that printer manufacturers rarely provide security patch for the printers.

Usually, an IDS/NIDS will be able to detect such attack.

There was a case some years back shared by IBM ISS, a soda vendor machine which was connected to the LAN got the entire network infected. Preliminary investigation failed to find the souce of the infection, until the IT Security team check the logs of the NIDS and it pointed out to the soda vending machine. The soda vending machine was running Windows XP, build-on-chip. There was an exploit for vulnerability and all PC & servers were patch in the organization, except for the vending machine. It's a build on chip, you can't patch it.

Also, printer drivers are where hackers would usually hide their malware/backdoor after breaking into a network. The least likely place to be scanned or check.

---

Added on May 28, 2011, 11:14 amIt can, and it's been demo at MyCERT back in 2002 at their quarterly Knowledge Sharing Session by their Security Czar, Kamal Hilmi.


This post has been edited by trifecta: May 28 2011, 11:14 AM