The panic that arose yesterday about Samsung allegedly shipping laptops that contained a pre-installed keylogger turns out to have been a complete mistake after further investigation by security researchers and the company itself. In fact, the controversy was the result of a false positive from one commercial antimalware suite and nothing else.
Several outlets reported on Wednesday that Samsung laptops had been found to contain a keylogger known as StarLogger right out of the box from the factory. However, upon closer inspection by security companies, the folder on the laptops that supposedly contained the malware was actually a directory that is part of Windows’ multi-language support.
In a statement Thursday, Samsung said that the company had confirmed that none of its laptops were shipped with a keylogger installed.
“The statements that Samsung installs keylogger on R525 and R540 laptop computers are false.
Our
findings indicate that the person mentioned in the article used a
security program called VIPRE that mistook a folder created by
Microsoft’s Live Application for a key logging software, during a virus
scan,” the statement sayd.
“The confusion arose because VIPRE mistook Microsoft’s Live Application
multi-language support folder, “SL” folder, as StarLogger. (Depending on the language, under C:windows folders “SL” for Slovene, “KO” for Korean, “EN” for English are created.”
Researchers at other antimalware companies confirmed early Thursday that the original detection that led to the confusion was indeed a false positive.
“We now have confirmation for what we wrote in our previous blog post: Samsung is not shipping keyloggers on their laptops,” Mikko Hyponnen of F-Secure wrote on Thursday morning.
“The whole saga was caused by a false alarm of the VIPRE
Antivirus product. Apparently VIPRE detects the StarLogger keylogger by
searching for the existance of a directory called “SL” in the root of
the Windows directory.”
