Sign in with
Sign up | Sign in
Your question

Lexmark Printer Users Beware of Spyware

Last response: in Computer Peripherals
Share
November 9, 2004 11:17:25 AM

Archived from groups: misc.consumers,comp.periphs.printers (More info?)

Yes, Lexmark is now in the Spyware business!

Just the other day I purchased a new Lexmark X5250 All-in-one printer.
I installed it as per the instructions and monitored the install with
Norton as I do with all new software.

On reviewing the install log I noticed a program called Lx_CATS had
been placed in the c:\program files directory. I investigated and
found a data log and an initialisation file called Lx_CATS.ini.
Further investigation of this file showed that Lexmark had, without my
permission, loaded a Trojan backdoor on to my computer. Furthermore,
it is embedded into the system registry, so average users would likely
never know it was there and active.

This Lexmark Trojan was programmed to monitor my use of the printer by
way of data collected from two DLLs in the c:\program files\lexmark500
folder. The Trojan would then send information on printer usage,
including types of print activity, scanning activity, OCR activity
etc., back to a hidden URL at 30 day intervals.

The URL, www.lxkcc1.com, is identified as being owned by Lexmark.

When I called and spoke with Lexmark support, they denied all
knowledge of any such program, and suggested I had somehow been
infected by a virus. When I challenged them with the facts, they
ultimately aknowleged that this was indeed activity tracking software
that reported printer and cartridge use back to them for "survey"
purposes. Lexmark said that "no personal data" was relayed by the
program, and that I could not be personally identified by it. However
- the program transmits the printer serial number, and when I
registered the warranty with Lexmark, they recorded my personal
information along with the serial number. How much effort does it take
to match the two?

I call it spying! I was not advised of this part of the installation,
nor was I asked to agree to be part of any such data gathering
activity. I see this as a breach of my privacy, and as deplorable
behaviour by Lexmark.

Lexmark users beware! But, they may not be the only ones stealing your
private information.
Anonymous
November 9, 2004 11:32:48 AM

Archived from groups: misc.consumers,comp.periphs.printers (More info?)

In article <3ec7f2e1.0411090817.3c9c0c7@posting.google.com>,
Commander_rn1@yahoo.com says...
> Yes, Lexmark is now in the Spyware business!
>
> Just the other day I purchased a new Lexmark X5250 All-in-one printer.
> I installed it as per the instructions and monitored the install with
> Norton as I do with all new software.
>
> On reviewing the install log I noticed a program called Lx_CATS had
> been placed in the c:\program files directory. I investigated and
> found a data log and an initialisation file called Lx_CATS.ini.
> Further investigation of this file showed that Lexmark had, without my
> permission, loaded a Trojan backdoor on to my computer. Furthermore,
> it is embedded into the system registry, so average users would likely
> never know it was there and active.
>
> This Lexmark Trojan was programmed to monitor my use of the printer by
> way of data collected from two DLLs in the c:\program files\lexmark500
> folder. The Trojan would then send information on printer usage,
> including types of print activity, scanning activity, OCR activity
> etc., back to a hidden URL at 30 day intervals.
>
> The URL, www.lxkcc1.com, is identified as being owned by Lexmark.
>
> When I called and spoke with Lexmark support, they denied all
> knowledge of any such program, and suggested I had somehow been
> infected by a virus. When I challenged them with the facts, they
> ultimately aknowleged that this was indeed activity tracking software
> that reported printer and cartridge use back to them for "survey"
> purposes. Lexmark said that "no personal data" was relayed by the
> program, and that I could not be personally identified by it. However
> - the program transmits the printer serial number, and when I
> registered the warranty with Lexmark, they recorded my personal
> information along with the serial number. How much effort does it take
> to match the two?
>
> I call it spying! I was not advised of this part of the installation,
> nor was I asked to agree to be part of any such data gathering
> activity. I see this as a breach of my privacy, and as deplorable
> behaviour by Lexmark.
>
> Lexmark users beware! But, they may not be the only ones stealing your
> private information.
>
It's obvious Lexmark has punctured your tinfoil hat without your
knowledge.
--
Thanks for the laughs..
Anonymous
November 9, 2004 7:59:14 PM

Archived from groups: misc.consumers,comp.periphs.printers (More info?)

I'm not sure why people are making fun of the OP here. I see
no reason to disbelieve what he wrote, and I agree that it is
a serious invasion of privacy.

Before you say, "What does it matter?" consider that with this
spyware, Lexmark can probably determine if you are using
non-OEM or refilled cartridges, and they may use either of
these as an excuse to refuse to honor their warranty if your
printer has a problem.
Related resources
Anonymous
November 9, 2004 8:21:37 PM

Archived from groups: misc.consumers,comp.periphs.printers (More info?)

["Followup-To:" header set to comp.periphs.printers.]
On Tue, 9 Nov 2004 16:59:14 +0000 (UTC), Jonathan Kamens wrote:
> I'm not sure why people are making fun of the OP here. I see
> no reason to disbelieve what he wrote, and I agree that it is
> a serious invasion of privacy.

If it's true, it's a veri poor sign for lexmark.

However, is there enough proof? Lx_CATS is unknown to web and news
google.

lxkcc1.com does indeed trace to lexmark - but there's little proof up to
now whether these files really were installed.


Where's the proof?
- which printer
- which driver
- where from?
- what data? (anonymized, but meaningful)
November 9, 2004 8:21:38 PM

Archived from groups: comp.periphs.printers (More info?)

On 9 Nov 2004 17:21:37 GMT, Martin Trautmann <t-use@gmx.net> wrote:

>However, is there enough proof? Lx_CATS is unknown to web and news
>google.
>

Not true any longer since this thread exists now but even so, just
because it's not on the net doesn't prove/disprove anything.
The OP has said Lexmark by phone has admitted to this spyware /
tracking software as part of his installation.


>lxkcc1.com does indeed trace to lexmark - but there's little proof up to
>now whether these files really were installed.
>

Yeah I agree with you. Why don't you ask the OP to invite you to
dinner at his place so you can check this out and get a free dinner
outa it too.
Anonymous
November 9, 2004 8:24:42 PM

Archived from groups: comp.periphs.printers (More info?)

On 9 Nov 2004 17:21:37 GMT, Martin Trautmann wrote:
> Where's the proof?
> - which printer
> - which driver
> - where from?
> - what data? (anonymized, but meaningful)

Such as
http://downloads.lexmark.com/
=> CJB5200EN.exe , Version 1.0.10.0

(which platform?)
Anonymous
November 10, 2004 12:09:26 PM

Archived from groups: comp.periphs.printers (More info?)

On Tue, 09 Nov 2004 12:06:22 -0600, jim wrote:
> On 9 Nov 2004 17:21:37 GMT, Martin Trautmann <t-use@gmx.net> wrote:
>
> >However, is there enough proof? Lx_CATS is unknown to web and news
> >google.
> >
>
> Not true any longer since this thread exists now but even so, just
> because it's not on the net doesn't prove/disprove anything.
> The OP has said Lexmark by phone has admitted to this spyware /
> tracking software as part of his installation.

It's a hint, but not a proof yet - I don't know the sender, I don't know
the name of the 'official' Lexmark hotline person, I don't know the
exact dialog and whether this really was admitting.

> >lxkcc1.com does indeed trace to lexmark - but there's little proof up to
> >now whether these files really were installed.
> >
>
> Yeah I agree with you. Why don't you ask the OP to invite you to
> dinner at his place so you can check this out and get a free dinner
> outa it too.

could be quite expensive - when's the next flight from Germany going?


I don't need to proof it myself. It's good to know that there might be
some real spyware problem. It should take further investigation. But up
to now it's only a statement from someone I don't know and a message
which could be a hoax.
Anonymous
November 10, 2004 5:24:05 PM

Archived from groups: misc.consumers,comp.periphs.printers (More info?)

Hello Jonathan:
You wrote on Tue, 9 Nov 2004 16:59:14 +0000 (UTC):

JK> Before you say, "What does it matter?" consider that with this
JK> spyware, Lexmark can probably determine if you are using
JK> non-OEM or refilled cartridges, and they may use either of
JK> these as an excuse to refuse to honor their warranty if your
JK> printer has a problem.

No, they can't, unless the printer also told them the name, phone number and
address.

And even then, I don't see how could they phrase such a denial. "The
software we installed on your computer told us you were using OEM
cartridge"?
Anonymous
November 10, 2004 5:37:10 PM

Archived from groups: misc.consumers,comp.periphs.printers (More info?)

"bat" <bat@bats.com> writes:
>No, they can't, unless the printer also told them the name, phone number and
>address.

The OP already explained this: The spyware reports the printer
serial number. The user reported the serial number along with
his name, phone number and address when registering the
printer.

>And even then, I don't see how could they phrase such a denial. "The
>software we installed on your computer told us you were using OEM
>cartridge"?

If the printer breaks, the user will have to send it back for
service. The warranty service center can then claim that they
had determined from examining the printer that unauthorized
and/or refilled cartridges had been used. They don't have to
explain how.

Also, assuming that the click-through agreement mentions in
the fine print that usage information is collected and
transmitted to Lexmark, which it probably does, then they
would be on perfectly sound legal ground to tell the user
exactly what you suggested above.
Anonymous
November 10, 2004 6:06:40 PM

Archived from groups: misc.consumers,comp.periphs.printers (More info?)

["Followup-To:" header set to comp.periphs.printers.]
On 9 Nov 2004 08:17:25 -0800, Commander wrote:
> Lexmark users beware! But, they may not be the only ones stealing your
> private information.

I was told that HP laptop printer did the same thing some months ago!?
Anonymous
November 10, 2004 6:28:40 PM

Archived from groups: misc.consumers,comp.periphs.printers (More info?)

JK> If the printer breaks, the user will have to send it back for
JK> service. The warranty service center can then claim that they
JK> had determined from examining the printer that unauthorized
JK> and/or refilled cartridges had been used. They don't have to
JK> explain how.

JK> Also, assuming that the click-through agreement mentions in
JK> the fine print that usage information is collected and
JK> transmitted to Lexmark, which it probably does, then they
JK> would be on perfectly sound legal ground to tell the user
JK> exactly what you suggested above.

I agree, that makes sense. But it's easy if all their repairs are
centralized; if they are performed in some service centers, dealerships and
such, Lexmark would have to implement a project of communicating that
database to all of them, and train how to use it, including how to lie. Hmm.

If they had the brainpower sufficient to mastermind and implement such a
sophisticated scheme, they would had applied it long ago to their main
product. If that was the case, HP would be forgotten long ago.

It's a mistery why all scammers and spammers easily implement the cutting
edge ideas and technologies to deliver their scam, but never to come up with
a decent product.
Anonymous
November 10, 2004 10:00:03 PM

Archived from groups: comp.periphs.printers (More info?)

Martin Trautmann (t-use@gmx.net) writes:
> On Tue, 09 Nov 2004 12:06:22 -0600, jim wrote:
>> On 9 Nov 2004 17:21:37 GMT, Martin Trautmann <t-use@gmx.net> wrote:
>>
>> >However, is there enough proof? Lx_CATS is unknown to web and news
>> >google.
>> >
>>
>> Not true any longer since this thread exists now but even so, just
>> because it's not on the net doesn't prove/disprove anything.
>> The OP has said Lexmark by phone has admitted to this spyware /
>> tracking software as part of his installation.
>
> It's a hint, but not a proof yet - I don't know the sender, I don't know
> the name of the 'official' Lexmark hotline person, I don't know the
> exact dialog and whether this really was admitting.
>
>> >lxkcc1.com does indeed trace to lexmark - but there's little proof up to
>> >now whether these files really were installed.
>> >
>>
>> Yeah I agree with you. Why don't you ask the OP to invite you to
>> dinner at his place so you can check this out and get a free dinner
>> outa it too.
>
> could be quite expensive - when's the next flight from Germany going?
>
>
> I don't need to proof it myself. It's good to know that there might be
> some real spyware problem. It should take further investigation. But up
> to now it's only a statement from someone I don't know and a message
> which could be a hoax.


The last time this came up I think the file name was "lexrepps" or
something like that. I called Lexmark and was told its function was to
connect to networked computers on your system, surely a desireable feature
(and even today one that seems to an irritant when a printer works with only
one computer). That was called "spyware" too.

Brendan
--
Anonymous
November 11, 2004 9:01:00 PM

Archived from groups: comp.periphs.printers (More info?)

In article <3ec7f2e1.0411090817.3c9c0c7@posting.google.com>,
Commander_rn1@yahoo.com (Commander) wrote:

> Yes, Lexmark is now in the Spyware business!

http://news.zdnet.co.uk/0,39020330,39173517,00.htm

Jon.
Anonymous
November 12, 2004 1:08:54 PM

Archived from groups: comp.periphs.printers (More info?)

On Thu, 11 Nov 2004 18:01 +0000 (GMT Standard Time), Jon O'Brien wrote:
> In article <3ec7f2e1.0411090817.3c9c0c7@posting.google.com>,
> Commander_rn1@yahoo.com (Commander) wrote:
>
> > Yes, Lexmark is now in the Spyware business!
>
> http://news.zdnet.co.uk/0,39020330,39173517,00.htm

ok, the posting made it to zdnet - but no extra info is given by now.
Anonymous
November 12, 2004 3:10:00 PM

Archived from groups: comp.periphs.printers (More info?)

In article <slrncp92tm.8hl.t-use@ID-685.user.individual.de>, t-use@gmx.net
(Martin Trautmann) wrote:

> ok, the posting made it to zdnet - but no extra info is given by now.

What did you expect Lexmark to do? Issue press releases saying that those
responsible have been hung, drawn and quartered? Send someone round to the
poster's house to beg forgiveness? Close the company down out of shame?

I assumed the poster wanted the message spread as widely as possible, so I
let a group of journalists know about it. One of them picked it up and ran
with it. It's only been on ZDNet for a couple of days but something could
come of it yet. It may, at least, stop the buggers using the intrusive
software in the future.

Jon.
Anonymous
November 13, 2004 11:49:20 PM

Archived from groups: comp.periphs.printers (More info?)

Jon@NOonlySPAMbrowsingTHANX.com (Jon O'Brien) wrote in
news:memo.20041112121001.3408C@blue.compulink.co.uk:

> In article <slrncp92tm.8hl.t-use@ID-685.user.individual.de>,
> t-use@gmx.net (Martin Trautmann) wrote:
>
>> ok, the posting made it to zdnet - but no extra info is given by now.
>
> What did you expect Lexmark to do? Issue press releases saying that
> those responsible have been hung, drawn and quartered? Send someone
> round to the poster's house to beg forgiveness? Close the company down
> out of shame?
>
> I assumed the poster wanted the message spread as widely as possible,
> so I let a group of journalists know about it. One of them picked it
> up and ran with it. It's only been on ZDNet for a couple of days but
> something could come of it yet. It may, at least, stop the buggers
> using the intrusive software in the future.
>
> Jon.

Just to let people know, this thread and some of the mentioned links have
been placed on http://slashdot.org

Nothing new, but it's going to get a lot of attention now...

Russ
November 14, 2004 8:06:19 AM

Archived from groups: misc.consumers,comp.periphs.printers (More info?)

If UCITA is passed, Lexmark to use the self-help clause to
disable your computer if you violated the license.
Anonymous
November 14, 2004 11:45:43 AM

Archived from groups: misc.consumers,comp.periphs.printers (More info?)

Get some spy-ware trapping software, and run it regularly.
That should prevent you being surprised by this kind of
thing.

I use a Webroot product called "Spy Sweeper."




On 9 Nov 2004 08:17:25 -0800, Commander_rn1@yahoo.com
(Commander) wrote:

>Yes, Lexmark is now in the Spyware business!
>
>Just the other day I purchased a new Lexmark X5250 All-in-one printer.
>I installed it as per the instructions and monitored the install with
>Norton as I do with all new software.
>
>On reviewing the install log I noticed a program called Lx_CATS had
>been placed in the c:\program files directory. I investigated and
>found a data log and an initialisation file called Lx_CATS.ini.
>Further investigation of this file showed that Lexmark had, without my
>permission, loaded a Trojan backdoor on to my computer. Furthermore,
>it is embedded into the system registry, so average users would likely
>never know it was there and active.
>
>This Lexmark Trojan was programmed to monitor my use of the printer by
>way of data collected from two DLLs in the c:\program files\lexmark500
>folder. The Trojan would then send information on printer usage,
>including types of print activity, scanning activity, OCR activity
>etc., back to a hidden URL at 30 day intervals.
>
>The URL, www.lxkcc1.com, is identified as being owned by Lexmark.
>
>When I called and spoke with Lexmark support, they denied all
>knowledge of any such program, and suggested I had somehow been
>infected by a virus. When I challenged them with the facts, they
>ultimately aknowleged that this was indeed activity tracking software
>that reported printer and cartridge use back to them for "survey"
>purposes. Lexmark said that "no personal data" was relayed by the
>program, and that I could not be personally identified by it. However
>- the program transmits the printer serial number, and when I
>registered the warranty with Lexmark, they recorded my personal
>information along with the serial number. How much effort does it take
>to match the two?
>
>I call it spying! I was not advised of this part of the installation,
>nor was I asked to agree to be part of any such data gathering
>activity. I see this as a breach of my privacy, and as deplorable
>behaviour by Lexmark.
>
>Lexmark users beware! But, they may not be the only ones stealing your
>private information.
Anonymous
November 15, 2004 8:28:12 PM

Archived from groups: comp.periphs.printers (More info?)

Fark just picked it up too.

On 13 Nov 2004 20:49:20 GMT, Skuuby <skuuby@rogers.com> wrote:

>Jon@NOonlySPAMbrowsingTHANX.com (Jon O'Brien) wrote in
>news:memo.20041112121001.3408C@blue.compulink.co.uk:
>
>> In article <slrncp92tm.8hl.t-use@ID-685.user.individual.de>,
>> t-use@gmx.net (Martin Trautmann) wrote:
>>
>>> ok, the posting made it to zdnet - but no extra info is given by now.
>>
>> What did you expect Lexmark to do? Issue press releases saying that
>> those responsible have been hung, drawn and quartered? Send someone
>> round to the poster's house to beg forgiveness? Close the company down
>> out of shame?
>>
>> I assumed the poster wanted the message spread as widely as possible,
>> so I let a group of journalists know about it. One of them picked it
>> up and ran with it. It's only been on ZDNet for a couple of days but
>> something could come of it yet. It may, at least, stop the buggers
>> using the intrusive software in the future.
>>
>> Jon.
>
>Just to let people know, this thread and some of the mentioned links have
>been placed on http://slashdot.org
>
>Nothing new, but it's going to get a lot of attention now...
>
>Russ
Anonymous
November 16, 2004 1:53:58 AM

Archived from groups: comp.periphs.printers (More info?)

Just to be safe... I'm tossing my Z22 in the trash.
I'm outta ink and the cartriges cost more than the printer itself
anyway... haha.

Commander wrote:
> Yes, Lexmark is now in the Spyware business!
>
> Just the other day I purchased a new Lexmark X5250 All-in-one printer.
> I installed it as per the instructions and monitored the install with
> Norton as I do with all new software.
>
> On reviewing the install log I noticed a program called Lx_CATS had
> been placed in the c:\program files directory. I investigated and
> found a data log and an initialisation file called Lx_CATS.ini.
> Further investigation of this file showed that Lexmark had, without my
> permission, loaded a Trojan backdoor on to my computer. Furthermore,
> it is embedded into the system registry, so average users would likely
> never know it was there and active.
>
> This Lexmark Trojan was programmed to monitor my use of the printer by
> way of data collected from two DLLs in the c:\program files\lexmark500
> folder. The Trojan would then send information on printer usage,
> including types of print activity, scanning activity, OCR activity
> etc., back to a hidden URL at 30 day intervals.
>
> The URL, www.lxkcc1.com, is identified as being owned by Lexmark.
>
> When I called and spoke with Lexmark support, they denied all
> knowledge of any such program, and suggested I had somehow been
> infected by a virus. When I challenged them with the facts, they
> ultimately aknowleged that this was indeed activity tracking software
> that reported printer and cartridge use back to them for "survey"
> purposes. Lexmark said that "no personal data" was relayed by the
> program, and that I could not be personally identified by it. However
> - the program transmits the printer serial number, and when I
> registered the warranty with Lexmark, they recorded my personal
> information along with the serial number. How much effort does it take
> to match the two?
>
> I call it spying! I was not advised of this part of the installation,
> nor was I asked to agree to be part of any such data gathering
> activity. I see this as a breach of my privacy, and as deplorable
> behaviour by Lexmark.
>
> Lexmark users beware! But, they may not be the only ones stealing your
> private information.


----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! >100,000 Newsgroups
---= East/West-Coast Server Farms - Total Privacy via Encryption =---
Anonymous
November 18, 2004 12:21:00 PM

Archived from groups: misc.consumers,comp.periphs.printers (More info?)

Commander makes a good point in his last statement: "Lexmark users
beware! But, they may not be the only ones stealing your private
information." I personally don't believe Lexmark has any evil
intent--but their spy-ware may open your PC up to a "False Flag"
attack wherein Lexmark's Trojan is hi-jacked by another to scan the
balance of your HDD. At the very least it's another in-road. And
while FF attacks are currently rare, they seem more likely once hacks
get wind of Lexmark's spy-ware practice. I wonder what the military,
NASA (victim of many hacks) and other governmental agencies would
think were they to find out about this practice?

NO OEM should be eavesdropping on your PC without express (opt-in)
permission--and not just an "I-Agree-button-level" permission. Good
catch out there.

Commander_rn1@yahoo.com (Commander) wrote in message news:<3ec7f2e1.0411090817.3c9c0c7@posting.google.com>...
> Yes, Lexmark is now in the Spyware business!
>
> Just the other day I purchased a new Lexmark X5250 All-in-one printer.
> I installed it as per the instructions and monitored the install with
> Norton as I do with all new software.
>
> On reviewing the install log I noticed a program called Lx_CATS had
> been placed in the c:\program files directory. I investigated and
> found a data log and an initialisation file called Lx_CATS.ini.
> Further investigation of this file showed that Lexmark had, without my
> permission, loaded a Trojan backdoor on to my computer. Furthermore,
> it is embedded into the system registry, so average users would likely
> never know it was there and active.
>
> This Lexmark Trojan was programmed to monitor my use of the printer by
> way of data collected from two DLLs in the c:\program files\lexmark500
> folder. The Trojan would then send information on printer usage,
> including types of print activity, scanning activity, OCR activity
> etc., back to a hidden URL at 30 day intervals.
>
> The URL, www.lxkcc1.com, is identified as being owned by Lexmark.
>
> When I called and spoke with Lexmark support, they denied all
> knowledge of any such program, and suggested I had somehow been
> infected by a virus. When I challenged them with the facts, they
> ultimately aknowleged that this was indeed activity tracking software
> that reported printer and cartridge use back to them for "survey"
> purposes. Lexmark said that "no personal data" was relayed by the
> program, and that I could not be personally identified by it. However
> - the program transmits the printer serial number, and when I
> registered the warranty with Lexmark, they recorded my personal
> information along with the serial number. How much effort does it take
> to match the two?
>
> I call it spying! I was not advised of this part of the installation,
> nor was I asked to agree to be part of any such data gathering
> activity. I see this as a breach of my privacy, and as deplorable
> behaviour by Lexmark.
>
> Lexmark users beware! But, they may not be the only ones stealing your
> private information.
November 1, 2011 3:16:47 PM

:non: 

I have a X7350 that is doing the same thing. Takes data and sends it back to lexmark. Only I have modified the files and all they get back is gibberish now.

I thought in the past at times my modem showed communications when I was not using it. I found Compac, Lexmark, several camera software programs and others by third parties all reporting back to their respective web sites.

I do enjoy it when people try to help others by notifying them of potential problems and spywear. I do not like it when the think they know it all and self made whiners join in and bash others.

You want to bash me and my report on third party spywear including lexmark.
Go ahead. It will not change the fact.

The mining of personal data, from computers is a rampant problem. To deny it will not make it go away.
!