Monday, February 25, 2008

Outrageous Spyware Story

I copied the following from the Internet Patrol Web site. Seems the folks at Lexmark really want to know about your printing habits. I did a little research and it seems a lot of people have discovered this little bugger. One of our techs ran into an issue with a customer using this printer. Seems he couldn't print at all. Turns out that the customer had a dialup connection. When he wasn't connected to the Internet the printer couldn't "phone home" - no contact with Lexmark's server and the printer won't print. My tech verified this with Lexmark support.

Do you have a Lexmark printer? If so, you could also have Lexmark’s Lx_CATS spyware — which Lexmark euphemistically calls “tracking software” for “reporting printer and cartridge use back to the company for survey purposes” — living on your computer, without your knowledge.

A user calling himself “Commander” has posted to the printer-focused Usenet group, comp.periphs.printers, that:

“Just the other day I purchased a new Lexmark X5250 All-in-one printer. I installed it as per the instructions and monitored the install with Norton as I do with all new software.

On reviewing the install log I noticed a program called Lx_CATS had been placed in the c:program files directory. I investigated and found a data log and an initialisation file called Lx_CATS.ini. Further investigation of this file showed that Lexmark had, without my permission, loaded a Trojan backdoor on to my computer. Furthermore, it is embedded into the system registry, so average users would likely never know it was there and active.”

Commander noticed that the spyware was programmed to surreptitiously report back to a URL, www.lxkcc1.com, every thirty days. lxkcc1.com is registered to Lexmark International, Inc..

When Commander called Lexmark to demand an explanation, the company first denied that they had installed any spyware at all. Ultimately the person with whom he spoke conceded that Lexmark installs “tracking software” on their users’ computers “to report back on printer and cartridge use for survey purposes.” While the Lexmark representative avowed that they did not transmit any personal information, they also admitted that the program does transmit the printer’s serial number, which of course is registered to the user. No personal information my foot!

Rumours of the installation of spyware along with their printer software have swirled around Lexmark for several years, and posts to Usenet complaining of Lexmark spyware date from as early as 2001. Some users complain of their computer trying to connect to the Internet every time they print a document; others worry that the program is reporting not only their cartridge usage, but whether they are using non-Lexmark cartridges, or even refilling their own cartridges, thus possibly setting the stage for a denial of warranty service.

According to “Commander”, the offending files include a program file called lx_CATS, and a related .ini file, lx_CATS.ini, as well as 2 DLL files in the c:program fileslexmark500 folder.

In order to remove Lexmark’s spyware from your system, delete the file (probably in your c:program directory) called “lx_cats.exe”, and also search for and remove a file called “lx_cats.ini” (and, for that matter, any other file including the term “lx_cats”).