Lexmark Printer Users Beware of Spyware
Commander
Just the other day I purchased a new Lexmark X5250 All-in-one printer.
I installed it as per the instructions and monitored the install with
Norton as I do with all new software.
On reviewing the install log I noticed a program called Lx_CATS had
been placed in the c:\program files directory. I investigated and
found a data log and an initialisation file called Lx_CATS.ini.
Further investigation of this file showed that Lexmark had, without my
permission, loaded a Trojan backdoor on to my computer. Furthermore,
it is embedded into the system registry, so average users would likely
never know it was there and active.
This Lexmark Trojan was programmed to monitor my use of the printer by
way of data collected from two DLLs in the c:\program files\lexmark500
folder. The Trojan would then send information on printer usage,
including types of print activity, scanning activity, OCR activity
etc., back to a hidden URL at 30 day intervals.
The URL, www.lxkcc1.com, is identified as being owned by Lexmark.
When I called and spoke with Lexmark support, they denied all
knowledge of any such program, and suggested I had somehow been
infected by a virus. When I challenged them with the facts, they
ultimately aknowleged that this was indeed activity tracking software
that reported printer and cartridge use back to them for "survey"
purposes. Lexmark said that "no personal data" was relayed by the
program, and that I could not be personally identified by it. However
- the program transmits the printer serial number, and when I
registered the warranty with Lexmark, they recorded my personal
information along with the serial number. How much effort does it take
to match the two?
I call it spying! I was not advised of this part of the installation,
nor was I asked to agree to be part of any such data gathering
activity. I see this as a breach of my privacy, and as deplorable
behaviour by Lexmark.
Lexmark users beware! But, they may not be the only ones stealing your
private information.
Von Dutch
Comman...@yahoo.com says...
knowledge.
--
Thanks for the laughs..
Jonathan Kamens
no reason to disbelieve what he wrote, and I agree that it is
a serious invasion of privacy.
Before you say, "What does it matter?" consider that with this
spyware, Lexmark can probably determine if you are using
non-OEM or refilled cartridges, and they may use either of
these as an excuse to refuse to honor their warranty if your
printer has a problem.
jim
>However, is there enough proof? Lx_CATS is unknown to web and news
>google.
>
Not true any longer since this thread exists now but even so, just
because it's not on the net doesn't prove/disprove anything.
The OP has said Lexmark by phone has admitted to this spyware /
tracking software as part of his installation.
>lxkcc1.com does indeed trace to lexmark - but there's little proof up to
>now whether these files really were installed.
>
Yeah I agree with you. Why don't you ask the OP to invite you to
dinner at his place so you can check this out and get a free dinner
outa it too.
Miss Perspicacia Tick
> I'm not sure why people are making fun of the OP here.
Because he was moronic enough to purchase a Lexmark. AFAIK, the newer models
are non-refillable and you cannot use aftermarket tanks (if any exist), the
quality is questionable (and believe me I know). It's idiots like this that
keep Lexmark in business. They weren't bad when they were owned by IBM but,
since the demerger, they've become crap. Victims of their own success. They
now need to vanish - and fast! The best that can be said for them is the
tanks are recyclable (but so are HP's).
--
My great-grandfather was born and raised in Elgin - did he eventually
lose his marbles?
bat
You wrote on Tue, 9 Nov 2004 16:59:14 +0000 (UTC):
JK> Before you say, "What does it matter?" consider that with this
JK> spyware, Lexmark can probably determine if you are using
JK> non-OEM or refilled cartridges, and they may use either of
JK> these as an excuse to refuse to honor their warranty if your
JK> printer has a problem.
No, they can't, unless the printer also told them the name, phone number and
address.
And even then, I don't see how could they phrase such a denial. "The
software we installed on your computer told us you were using OEM
cartridge"?
Jonathan Kamens
>No, they can't, unless the printer also told them the name, phone number and
>address.
The OP already explained this: The spyware reports the printer
serial number. The user reported the serial number along with
his name, phone number and address when registering the
printer.
>And even then, I don't see how could they phrase such a denial. "The
>software we installed on your computer told us you were using OEM
>cartridge"?
If the printer breaks, the user will have to send it back for
service. The warranty service center can then claim that they
had determined from examining the printer that unauthorized
and/or refilled cartridges had been used. They don't have to
explain how.
Also, assuming that the click-through agreement mentions in
the fine print that usage information is collected and
transmitted to Lexmark, which it probably does, then they
would be on perfectly sound legal ground to tell the user
exactly what you suggested above.
bat
JK> service. The warranty service center can then claim that they
JK> had determined from examining the printer that unauthorized
JK> and/or refilled cartridges had been used. They don't have to
JK> explain how.
JK> Also, assuming that the click-through agreement mentions in
JK> the fine print that usage information is collected and
JK> transmitted to Lexmark, which it probably does, then they
JK> would be on perfectly sound legal ground to tell the user
JK> exactly what you suggested above.
I agree, that makes sense. But it's easy if all their repairs are
centralized; if they are performed in some service centers, dealerships and
such, Lexmark would have to implement a project of communicating that
database to all of them, and train how to use it, including how to lie. Hmm.
If they had the brainpower sufficient to mastermind and implement such a
sophisticated scheme, they would had applied it long ago to their main
product. If that was the case, HP would be forgotten long ago.
It's a mistery why all scammers and spammers easily implement the cutting
edge ideas and technologies to deliver their scam, but never to come up with
a decent product.
Christina Barnes
news:slrncp4bk0...@ID-685.user.individual.de:
> ["Followup-To:" header set to comp.periphs.printers.]
> On 9 Nov 2004 08:17:25 -0800, Commander wrote:
>> Lexmark users beware! But, they may not be the only ones
>> stealing your private information.
>
> I was told that HP laptop printer did the same thing some
> months ago!?
Here is a suggestion if you are concerned about this type of
thing:
If you have a firewall program such as ZoneAlarm installed, it
will alert you every time a new program tries to access the
Internet. If, while installing new hardware or software that
certainly should NOT be going online, I get a pop-up telling me
the program is trying to 'phone home' I can kill it right there.
I've done this dozens of times (you really wouldn't believe how
many programs try to send info to the manufacturer during
install!) and it has yet to cause the install routine or program
to fail.
It is also a great way to catch the programs that are 'checking
for updates' constantly or doing any other online activity you
aren't aware of.
--
Christina Barnes
CB Design
Brendan R. Wehrung
Martin Trautmann (t-...@gmx.net) writes:
> On Tue, 09 Nov 2004 12:06:22 -0600, jim wrote:
>> On 9 Nov 2004 17:21:37 GMT, Martin Trautmann <t-...@gmx.net> wrote:
>>
>> >However, is there enough proof? Lx_CATS is unknown to web and news
>> >google.
>> >
>>
>> Not true any longer since this thread exists now but even so, just
>> because it's not on the net doesn't prove/disprove anything.
>> The OP has said Lexmark by phone has admitted to this spyware /
>> tracking software as part of his installation.
>
> the name of the 'official' Lexmark hotline person, I don't know the
> exact dialog and whether this really was admitting.
>
>> >lxkcc1.com does indeed trace to lexmark - but there's little proof up to
>> >now whether these files really were installed.
>> >
>>
>> Yeah I agree with you. Why don't you ask the OP to invite you to
>> dinner at his place so you can check this out and get a free dinner
>> outa it too.
>
>
>
> I don't need to proof it myself. It's good to know that there might be
> some real spyware problem. It should take further investigation. But up
> to now it's only a statement from someone I don't know and a message
> which could be a hoax.
The last time this came up I think the file name was "lexrepps" or
something like that. I called Lexmark and was told its function was to
connect to networked computers on your system, surely a desireable feature
(and even today one that seems to an irritant when a printer works with only
one computer). That was called "spyware" too.
Brendan
--
Brendan R. Wehrung
"Miss Perspicacia Tick" (miss...@lancre.dw) writes:
> Jonathan Kamens wrote:
>> I'm not sure why people are making fun of the OP here.
>
> Because he was moronic enough to purchase a Lexmark. AFAIK, the newer models
> are non-refillable and you cannot use aftermarket tanks (if any exist), the
> quality is questionable (and believe me I know). It's idiots like this that
> keep Lexmark in business. They weren't bad when they were owned by IBM but,
> since the demerger, they've become crap. Victims of their own success. They
> now need to vanish - and fast! The best that can be said for them is the
> tanks are recyclable (but so are HP's).
>
Out of curiousity, why are empty "real" Lexmark cartridges still accepted
at Staples, Office Max and Office Depot in exchange for a ream of paper if
they are not refillable? I don't think these companies ae doing it out
the goodness of their hearts.
Brendan
--
Christina Barnes
be known in news:cmtomh$rde$1...@theodyn.ncf.ca:
> Out of curiousity, why are empty "real" Lexmark cartridges
> still accepted at Staples, Office Max and Office Depot in
> exchange for a ream of paper if they are not refillable? I
> don't think these companies ae doing it out the goodness of
> their hearts.
>
> Brendan
My guess would be that it is an attempt to be a 'good citizen'
by taking used ink cartridges and laser toner out of the waste
stream. Even if they can't be refilled, they can be disposed of
in a more ecologically sound way than throwing them into the
landfill.
It may not be out of the 'Goodness of their hearts', but it is
great public relations that could translate into more $$ later
down the road.
Christina Barnes
it be known in news:Xns959D915EB...@216.196.97.142:
> ck...@FreeNet.Carleton.CA (Brendan R. Wehrung) wrote let it
> be known in news:cmtomh$rde$1...@theodyn.ncf.ca:
>
>> Out of curiousity, why are empty "real" Lexmark cartridges
>> still accepted at Staples, Office Max and Office Depot in
>> exchange for a ream of paper if they are not refillable?
> My guess would be that it is an attempt to be a 'good
> citizen'...
Plus, anything that gets you into the store is good for
business... I doubt if too many people stop in to drop off an
empty cartridge without buying SOMETHING.
Taliesyn
And you are right, of course.
Just checked my supplier of refill ink. Yes, they have ink for the
latest Lexmark printer, the PhotoJet P915.
-Taliesyn
Jon O'Brien
Comman...@yahoo.com (Commander) wrote:
> Yes, Lexmark is now in the Spyware business!
http://news.zdnet.co.uk/0,39020330,39173517,00.htm
Jon.
Jon O'Brien
(Martin Trautmann) wrote:
> ok, the posting made it to zdnet - but no extra info is given by now.
What did you expect Lexmark to do? Issue press releases saying that those
responsible have been hung, drawn and quartered? Send someone round to the
poster's house to beg forgiveness? Close the company down out of shame?
I assumed the poster wanted the message spread as widely as possible, so I
let a group of journalists know about it. One of them picked it up and ran
with it. It's only been on ZDNet for a couple of days but something could
come of it yet. It may, at least, stop the buggers using the intrusive
software in the future.
Jon.
Jon O'Brien
(Martin Trautmann) wrote:
> I'd have prefered that you state what actually can be found on zdnet.
> I'm in usenet here and had to change over to WWW in order to
> read this article - just to find out _nothing_.
So sorry to inconvenience you but I wasn't aware that you had to go to
such great and arduous lengths to see what the link pointed to. As far as
I was aware, most people would just have to click on the link and the page
would open up in their browser. If you'd like to describe in great detail
workings of your system, I'll try to make sure I don't inconvenience you
in the future.
> So your message could have been
>
> "I've forwarded this info to journalists at ZDNet. See <URL> for
> article. No new infos yet"...
It could have been but it wasn't. It was intended to let the
original poster see that his message had been further disseminated. I'm
sure he doesn't mind that you took a look too, however.
> I don't know about the influence of ZDNet - but as long as there's no
> result from them, it's not that much use/news to mention it.
I don't know about ZDNet's influence either but at least a wider audience
is now aware of the games Lexmark is playing. I suspect it might make a
few more people think twice before buying a Lexmark printer, too.
> Just my personal idea what I might expect. YMMV.
Life's full of little disappointments. I'm sure you'll get over it.
Jon.
Skuuby
news:memo.2004111...@blue.compulink.co.uk:
Just to let people know, this thread and some of the mentioned links have
been placed on http://slashdot.org
Nothing new, but it's going to get a lot of attention now...
Russ
us...@user.user
disable your computer if you violated the license.
Lars Haeh
zcra...@clis.com
I'm outta ink and the cartriges cost more than the printer itself
anyway... haha.
Commander wrote:
> Yes, Lexmark is now in the Spyware business!
>
> Just the other day I purchased a new Lexmark X5250 All-in-one printer.
> I installed it as per the instructions and monitored the install with
> Norton as I do with all new software.
>
> On reviewing the install log I noticed a program called Lx_CATS had
> been placed in the c:\program files directory. I investigated and
> found a data log and an initialisation file called Lx_CATS.ini.
> Further investigation of this file showed that Lexmark had, without my
> permission, loaded a Trojan backdoor on to my computer. Furthermore,
> it is embedded into the system registry, so average users would likely
> never know it was there and active.
>
> This Lexmark Trojan was programmed to monitor my use of the printer by
> way of data collected from two DLLs in the c:\program files\lexmark500
> folder. The Trojan would then send information on printer usage,
> including types of print activity, scanning activity, OCR activity
> etc., back to a hidden URL at 30 day intervals.
>
> The URL, www.lxkcc1.com, is identified as being owned by Lexmark.
>
> When I called and spoke with Lexmark support, they denied all
> knowledge of any such program, and suggested I had somehow been
> infected by a virus. When I challenged them with the facts, they
> ultimately aknowleged that this was indeed activity tracking software
> that reported printer and cartridge use back to them for "survey"
> purposes. Lexmark said that "no personal data" was relayed by the
> program, and that I could not be personally identified by it. However
> - the program transmits the printer serial number, and when I
> registered the warranty with Lexmark, they recorded my personal
> information along with the serial number. How much effort does it take
> to match the two?
>
> I call it spying! I was not advised of this part of the installation,
> nor was I asked to agree to be part of any such data gathering
> activity. I see this as a breach of my privacy, and as deplorable
> behaviour by Lexmark.
>
> Lexmark users beware! But, they may not be the only ones stealing your
> private information.
----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! >100,000 Newsgroups
---= East/West-Coast Server Farms - Total Privacy via Encryption =---
Brendan R. Wehrung
Martin Trautmann (t-...@gmx.net) writes:
> Answer from Lexmark Headquarter:
>
> "The software to which this article refers implements a completely
> voluntary product improvement program called Lexmark Connect. This
> voluntary program is explained to customers during the installation
> process for a new printer. During this process, a registration screen
> will appear that will allow the customer to choose to participate, or
> choose not to participate, in the Lexmark Connect program. A user MUST
> review this page, choose whether or not to participate and click
> ?continue? for the printer installation program to proceed. This page
> also features a ?Learn More? button that provides additional information
> to the customer of about the data that would be collected. If the
> customer chooses not to participate, the printer installation will
> proceed, but the Lexmark Connect software will not be installed and the
> data will not be collected. The information collected is operating
> information that will allow Lexmark to understand our customers printing
> habits and needs better, such as the number of pages printed, amount of
> ink used, and how frequently product features are used. No personal
> information is collected. Customers who sign up for this program will
> receive additional optional surveys from Lexmark, and again this
> participation is fully voluntary. To discontinue participation in this
> program, the customer can simply go into the Lexmark Solutions Center
> (the same one used to check the ink gauge, install a new cartridge,
> etc.) and click on the advanced tab, for instructions to terminate his
> or her participation.
>
> We expect this program to permit Lexmark to better design products that
> meet customers? actual printing needs and preferences."
>
>
> I don't know an official source for this second hand statement - but it
> does sound reasonable.
>
> How about the 'choose to participate, or choose not to participate"? Is
> there a default set in order to participate or is it really optional?
>
>
I vaguely remember having to do this when I installed my Z65. I always
check "no" on these sorts of things and it's no big deal.
Brendan
--
Brendan R. Wehrung
"zcra...@clis.com" (zcra...@clis.com) writes:
> Just to be safe... I'm tossing my Z22 in the trash.
> I'm outta ink and the cartriges cost more than the printer itself
> anyway... haha.
>
I bought a Z11 for about $6 after rebate. It has never been used, but I
keep it as backup to use cartdriges for my 5700 if and when it craps out.
That's a hidden cost with any printer (and I'm sure it happens to Epson
and Canon users as well) of stocking up during sales and then having the
printer die. As you say, the carts cost more than the printer. Always
have a plan B to use them up.
Brendan
--
thisguyisafucker
isnt even registered secondly its not called spyware and all hes doing
he trying to get lexmark to pay him money
commander go fuck ur mum u looser
Aravind
> Martin Trautmann <t-...@gmx.net> wrote let it be known in
> news:slrncp4bk0...@ID-685.user.individual.de:
>
>
> thing:
>
> If you have a firewall program such as ZoneAlarm installed, it
> will alert you every time a new program tries to access the
> Internet. If, while installing new hardware or software that
> certainly should NOT be going online, I get a pop-up telling me
> the program is trying to 'phone home' I can kill it right there.
>
Thanks for the info. One of the 'tips' from ZoneAlarm website gives
the following:
Tip No. 5: Create a Trusted Zone
If you have two or more computers connecting to the Internet through a
router, you can create a Trusted Zone. Click Firewall in the ZoneAlarm
Control Center, then click the Zones tab. Click the Add button and
enter your other computers' local IP addresses. You can set Trusted
Zone security to let your computers share files and disk space.
Now, if your router generates ip addresses dynamically, I wonder how
one could create a "Trusted Zone" since you can not assign a single ip
address. Is there a work around?
Any info or comments are appreciated.
nerd32768
news:cnc943$59m$1...@theodyn.ncf.ca...
<snip>
> I vaguely remember having to do this when I installed my Z65. I always
> check "no" on these sorts of things and it's no big deal.
>
> Brendan
> --
I had to do the same thing on my HP business inkjet 1100, where HP
supposedly hosts a server that lets you see your printer statistics. i was
using it for a while, but my network(100mbps) was consistently active, so i
disabled it, and the problem was gone. never thought of it from the
perspective of this NG. There are also articles of this thread at :
http://www.theregister.co.uk/2004/11/15/lexmark_spyware/
http://p2pnet.net/story/2992
http://software.silicon.com/malware/0,3800003100,39125876,00.htm
http://channels.lockergnome.com/windows/archives/20041111_if_you_have_a_lexmark_printer_you_may_also_have_lexmark_spyware.phtml
http://www.osnews.com/story.php?news_id=8858
http://www.tweakzone.nl/nieuws/6532
http://forums.winxpcentral.com/showthread.php?t=12082
http://www.zdnet.com.au/news/security/0,2000061744,39166406,00.htm
http://www.techdirt.com/articles/20041112/0455245.shtml
http://www.techimo.com/newsapp/i12411.html
http://www.techspot.com/story16288.html
http://www.livingroom.org.au/printers/archives/lexmark_accused_of_installing_spyware/
http://www.engadget.com/entry/3508496627337139/
http://forums.anandtech.com/messageview.aspx?catid=27&threadid=1441270&enterthread=y
http://blogs.ittoolbox.com/crm/gap/archives/002167.asp
http://uk.news.yahoo.com/041111/152/f6g2g.html
http://www.astalavista.com/index.php?section=news&cmd=details&newsid=968
http://j-walkblog.com/blog/index/P17522/
http://slashdot.org/article.pl?sid=04/11/13/015214
http://eyeonit.itmanagersjournal.com/article.pl?sid=04/11/12/1836204
http://itrain.org/itinfo/weblog/archives/00000080.html
http://msmvps.com/rodtrent/archive/2004/11/13/19019.aspx
http://newsvac.newsforge.com/newsvac/04/11/12/1836237.shtml
http://www.msfn.org/comments.php?shownews=10621
http://www.thepossums.com/modules.php?name=News&file=showarticle&threadid=7077
Nerd32768
A+, Network+, MCP, MCSA
nerd32768
news:fAnkd.7930$mu4....@fe48.usenetserver.com...
> Jonathan Kamens wrote:
> > I'm not sure why people are making fun of the OP here.
>
> Because he was moronic enough to purchase a Lexmark. AFAIK, the newer
models
> are non-refillable and you cannot use aftermarket tanks (if any exist),
the
> quality is questionable (and believe me I know). It's idiots like this
that
> keep Lexmark in business. They weren't bad when they were owned by IBM
but,
> since the demerger, they've become crap. Victims of their own success.
They
> now need to vanish - and fast! The best that can be said for them is the
> tanks are recyclable (but so are HP's).
On my HP business inkjet 1100DTN, i also noticed some interesting things
about deleting the accounts. This is what HPs website states when i begin
the "process" of deleting my account:
------------
By submitting this form, you will be deleting your printer usage data with
HP.
HP will store your data (Email address, Serial number) in a server located
overseas only for the purpose of deleting your printer usage data. Your IP
address will be stored in server log files for a maximum of 5 years. You
will be notified by email once your data has been deleted.
------------
If this seems to be what it is, my email address is being linked to my
serial number and my IP address for _5 YEARS_!! Does anybody else here have
a BJ1100? Is anybody else suspicious about what HP is doing?
Christina Barnes
news:c47d1fd8.04111...@posting.google.com:
> Tip No. 5: Create a Trusted Zone
> If you have two or more computers connecting to the
> Internet through a router, you can create a Trusted Zone.
> Click Firewall in the ZoneAlarm Control Center, then click
> the Zones tab. Click the Add button and enter your other
> computers' local IP addresses. You can set Trusted Zone
> security to let your computers share files and disk space.
>
> Now, if your router generates ip addresses dynamically, I
> wonder how one could create a "Trusted Zone" since you can
> not assign a single ip address. Is there a work around?
>
> Any info or comments are appreciated.
Even if your router assigns addresses dynamically, they will
allways be in the same range of addresses set asside for a local
network, usually by default (depending on the router's
manufacturer) either 192.168.0.1-255 or 192.168.1.1-255
These are 'non-routable'local addresses, so you don't have to
worry about any Internet traffic using any of these IPs.
Since the .1 address is usually the router itself, and
represents traffic coming in from the Internet, I would define a
'Trusted Zone' of addresses from .2 through .255 for whatever
subnet you are on. I believe that Zonealarm lets you define the
zone as either a single IP, a subnet, or a starting and ending
IP address.
You could also look at the config of the router, sometimes they
define a much smaller range of addresses they will actually
assign by DHCP, so you might only have to 'trust', for example,
.10-.50
Steve Brown
beware! But, they may not be the only ones stealing your private
intent--but their spy-ware may open your PC up to a "False Flag"
attack wherein Lexmark's Trojan is hi-jacked by another to scan the
balance of your HDD. At the very least it's another in-road. And
while FF attacks are currently rare, they seem more likely once hacks
get wind of Lexmark's spy-ware practice. I wonder what the military,
NASA (victim of many hacks) and other governmental agencies would
think were they to find out about this practice?
NO OEM should be eavesdropping on your PC without express (opt-in)
permission--and not just an "I-Agree-button-level" permission. Good
catch out there.
Comman...@yahoo.com (Commander) wrote in message news:<3ec7f2e1.0411...@posting.google.com>...