Samsung Keylogger Case Revealed As False Positive

The panic that arose yesterday about Samsung allegedly shipping laptops that contained a pre-installed keylogger turns out to have been a complete mistake after further investigation by security researchers and the company itself. In fact, the controversy was the result of a false positive from one commercial antimalware suite and nothing else.

Several outlets reported on Wednesday that Samsung laptops had been found to contain a keylogger known as StarLogger right out of the box from the factory. However, upon closer inspection by security companies, the folder on the laptops that supposedly contained the malware was actually a directory that is part of Windows’ multi-language support.

In a statement Thursday, Samsung said that the company had confirmed that none of its laptops were shipped with a keylogger installed.

“The statements that Samsung installs keylogger on R525 and R540 laptop computers are false.

Our findings indicate that the person mentioned in the article used a security program called VIPRE that mistook a folder created by Microsoft’s Live Application for a key logging software, during a virus scan,” the statement said.

“The confusion arose because VIPRE mistook Microsoft’s Live Application multi-language support folder, “SL” folder, as StarLogger. (Depending on the language, under C:\windows folders “SL” for Slovene, “KO” for Korean, “EN” for English are created.)”

Researchers at other antimalware companies confirmed early Thursday that the original detection that led to the confusion was indeed a false positive.

“We now have confirmation for what we wrote in our previous blog post: Samsung is not shipping keyloggers on their laptops,” Mikko Hypponen of F-Secure wrote on Thursday morning. “The whole saga was caused by a false alarm of the VIPRE Antivirus product. Apparently VIPRE detects the StarLogger keylogger by searching for the existence of a directory called “SL” in the root of the Windows directory.”
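The false positive described above can be reproduced with a small sketch. This is an added example, not VIPRE's code or anything from the original article: the directory trees, file names and the "known-bad" sample are constructed placeholders, and the hash set stands in for whatever content signatures a real product would use.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed stand-in for a known-bad sample; NOT a real StarLogger artifact.
PLACEHOLDER_SAMPLE = b"constructed placeholder bytes standing in for a malicious binary"
KNOWN_BAD_SHA256 = {hashlib.sha256(PLACEHOLDER_SAMPLE).hexdigest()}


def path_only_rule(windows_dir: Path) -> bool:
    """The heuristic as described in the article: flag if <windir>/SL exists."""
    return (windows_dir / "SL").is_dir()


def corroborated_rule(windows_dir: Path, known_bad=KNOWN_BAD_SHA256) -> list:
    """Flag only files inside <windir>/SL whose content hash is known-bad."""
    folder = windows_dir / "SL"
    if not folder.is_dir():
        return []
    return [f for f in sorted(folder.rglob("*"))
            if f.is_file() and hashlib.sha256(f.read_bytes()).hexdigest() in known_bad]


def build_tree(root: Path, files: dict) -> Path:
    """Create a constructed stand-in for a Windows directory with an SL folder."""
    windir = root / "Windows"
    (windir / "SL").mkdir(parents=True)
    for name, data in files.items():
        (windir / "SL" / name).write_bytes(data)
    return windir


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed: a language-resource folder like the one in the article.
        clean = build_tree(Path(tmp) / "clean", {"resources.mui": b"localized strings"})
        # Constructed: same folder name, but holding the placeholder known-bad file.
        bad = build_tree(Path(tmp) / "bad", {"payload.bin": PLACEHOLDER_SAMPLE})
        return {
            "clean_path_only": path_only_rule(clean),
            "clean_corroborated": [p.name for p in corroborated_rule(clean)],
            "bad_path_only": path_only_rule(bad),
            "bad_corroborated": [p.name for p in corroborated_rule(bad)],
        }


if __name__ == "__main__":
    print(demo())
```

The path-only rule flags both trees, while the content-based rule flags only the one that actually holds the placeholder sample.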

Discussion

  • Anonymous on

    lol! a very big lulz!

  • Anonymous on

    I don't see anything specific to samsung in a folder related to slovene language. Is this triggering false alarms on other laptops as well? 

  • krist0ph3r on

    if this is true, that is one lame antivirus. "commercial antimalware suite", HA HA!

  • Anonymous on

    So what's the explanation for the support tech admitting that Samsung had put keylogging software on their customer's machines to see what they're used for? Or did someone say something they shouldn't have?

  • Stephen Alzis on

    Why and why this guy hadn't used ANOTHER antispyware program, for example ..-Aware or ...... Search and Destroy? (Not to make some ad)... When you're accustomed to scientific procedures, you systematically countercheck your data. No?

  • cailtin lopez on

    Stephen Alzis because of the publicity (but everybody knows now the guy is an idiot)

    On second thought, who is the idiot? They, or us for following them?

  • Anonymous on

    Except Microsoft Windows creates the directory C:\Windows\sl-si for the Slovenian language. (I just installed it myself to make sure.)

    Modern Windows versions always use languagecode-LOCATIONCODE for its internationalization.

    I'm checking the Slovenian Windows Live Essentials install now.

  • Anonymous on

    Verified, Slovenian Windows Live Essentials install does not create a C:\Windows\SL directory...

  • Anonymous on

    Correction: Windows Live Photo Gallery screensaver does insert bare languagecode directories.

    Checking to see if this Samsung issue is a false-positive should be as easy as checking the files in the directory... that honestly wouldn't take much time to check and post a retraction of the article...

  • Anonymous on

    bullshit

    They are trying to avoid consequences. It is a fully functional keylogger.

    @author: can you provide some relevant sources for this PR article?
