From : Ron Netherland, (PostScript Field Support) During the past several weeks, in numerous locations across the US, PostScript interpreter passwords have been reset by a PostScript virus. Once this occurs, the RIP or printer no longer responds to exitserver calls. There is no effective remedy - the EEPROM must be replaced. Depending on the physical location of the EEPROM, this may necessitate replacement of the EEPROM chip or replacement of the entire board. Of course the printer is out of service pending the repair. The origin of the virus is unknown at this point. It appears, because of the wide area of incident, that the virus is being distributed is some nationwide manner. It may be a font, a graphic, or anything else that serves to hide the following simple code: serverdict begin 0 exitserver statusdict begin 0 n setpassword ...where n is an integer or, in the case of at least some PostScript implementations, a real number, a string, and possibly other PostScript language objects. Except for a print job that fails to generate a page, there is probably no hint that the password has been changed until the next exitserver job. In the Macintosh environment this can very well be the following day when Laser Prep or Aldus Prep fails to download. By this time, the origin file has probably left the scene. The following file, appropriately called Password Alert!, should be used every time the printer is powered on or reset. The file will protect the PostScript interpreter from the password virus. If your transcription doesn't run, it probably contains a subtle typo. In this event, re-transcribe it and try again. Password Alert! serverdict begin 0 exitserver statusdict /setpassword {userdict begin /evilpassword exch def pop (! ! PASSWORD ALERT - NOTIFY OWNER ! !) = flush /Helvetica findfont 24 scalefont setfont 20 50 720 {70 exch moveto (! ! PASSWORD ALERT - NOTIFY OWNER ! !) show} for showpage stop } put  Password Alert! is designed to do three things: 1. It protects your printer or RIP by redefining the setpassword operator. The redefinition remains in effect from the time you download Password Alert! until the time you reset or reboot your printer or RIP. 2. If a print job tries to reset your password, Password Alert! crashes the job, sends a PostScript message to the printing application, and notifies the user via an alert page. 3. Password Alert! also captures the "evil" password you were about to receive and stores it harmlessly in userdict so you can reveal it. If an alert page shows up in your environment, you should apprehend the file being printed, complete with associated graphics and fonts (likely candidates for the virus code). You should also immediately use the Print Evilpassword utility to obtain a printout of the evil password. Associated with Password Alert! are three utility PostScript files: 1. Test - Attempts to change password (to confirm Password Alert! is installed) serverdict begin 0 exitserver statusdict begin 0 1 setpassword Test tries to change the password from 0 to 1. Download this file after downloading Password Alert! - you'll see the alert page print. If this doesn't happen, Password Alert! hasn't downloaded successfully (or has been transcribed incorrectly). You will probably see the standard %%[exitserver... message. If so, Test has changed you password to the number 1. 2. Revert to Zero - changes password from 1 back to 0 if needed. serverdict begin 1 exitserver statusdict begin 1 0 setpassword Revert to Zero changes the password from 1 back to 0. Download Revert to Zero if Test gives you the standard %%[exitserver... message and no alert. 3. Print Evilpassword /Helvetica findfont 12 scalefont setfont 70 70 moveto (The evil password is: ) show userdict /evilpassword load 256 string cvs show showpage