Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!rutgers!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: treeves@hpuxa.ircc.ohio-state.edu (Terry Reeves) Newsgroups: comp.virus Subject: postscript trojan Message-ID: <0002.9008101840.AA07688@ubu.cert.sei.cmu.edu> Date: 8 Aug 90 20:27:25 GMT Sender: Virus Discussion List Lines: 28 Approved: krvw@sei.cmu.edu A few days ago there was a series of messages about a laser writer trojan horse that set the password to some unknown value. A fix was also posted. (a program that could reset the password without knowing the old one.) Noone said what the name of the trojan horse was, or what it claimed to be good for. Does anyone know? The fix included the caveat that it would probably fail on postscript clones. Ok. We have a kyocera Q8010 that has apparently been hit. Or some bright reader of comp.virus suddenly realised printers have passwords and just sent down the commands to change it from 0 to whatever. Yes, the fix failed on this clone. I am in contact with Kyocera, but I am not sure they will be able to help. I fear they will say you can't reset passwords without knowing the old one. It occurs to me that maybe the fix program fails because the password is in a different spot in the eprom. Any ideas? Specifically woud the authors of the fix routines be interested in adapting them to this printer if I could get them technical info like the location of the password? Anyone agree with me that maybe the password should be in cmos so we could open the case and yank the battery? Not that agreeing with me will do much good - but I'd feel better. Terry Reeves The Ohio State University REEVES.2@OSU.EDU