Last night my wireless network connected printer started up by itself, and printed off a sheet that said
GET hxxp://zerg.helllabs.net/cgi-bin/textenv.pl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
The Diamond and the Smiley are similar in the printout I just didn't know how to put them in here. OK so this creeped me out. It did this twice before I unplugged the modem and router, and shut down my computer.
The same thing happened to me last night, exactly except for 8/8 on Accept, I had */*. I was out of the house, but when I returned there were two printed pages.
I have looked at the Hell Labs website, and they have some sort of proxy server software there. Which means 'hidden identity'
From playing around with the information I gathered further, I have spent the rest of the morning looking at proxy settings and printer hacking ,
I realized that the intrusion must have something to do with the dynamic DNS I had set up so I could stream my iTunes audio to my iPhone over the internet.
I was able to get similar results by typing my ip like this, with the open port number of 9100
hxxp://XX.XX.XX.XX:9100/ (Capital X's are your ip, or in my case also the dynamic DNS)
My results from Safari
GET / HTTP/ 1.1
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; en) AppleWebKit/531
So it seems that you have been intruded on, as have I, by the same person, "Diamond Happy PH"
I do not feel at this time that I have been further intruded on, but I need to look at the firmware of my printer.
I am uncomfortable by the language settings on the intrusion, originating in China, but at this time I feel that the attack is more of a message in a bottle. It seems that one could write a webcrawler type robot that would universally ping port 9100, and then print little messages like "diamond happy PH"
Hope this helps, and hopefully someone with more geek powers can explain this better.
Maybe someone could contact Hell Labs?
I also forund this website helpful and more confusing:http://www.irongeek.com/i.php?page=security/networkprinterhacking#Don't forget to look for Stored Documents via the web interface
://http://www.irongeek.com/i.php?page=... web interface