Feeds

Testing confirms Samsung keylogger rumour just a false alarm

Keep calm and carry on

Website security in corporate America

Updated Antivirus testers have backed up Samsung's protestations that the detection of keylogging software on brand-new Samsung laptops was just a false alarm.

Mohamed Hassan, founder of security consultancy NetSec, raised the alarm after a scan revealed that two newly purchased Samsung laptops were infected with StarLogger, a commercial keylogger. Hassan investigated the matter before working on a story for NetWork World that compared the incident to the infamous Sony BMG rootkit fiasco of 2005.

It was suggested that Samsung was using underhand methods to extract market research, monitoring user activity without their knowledge or consent in the process. Hassan was eventually put through to a Samsung support centre manager who told him that Samsung had pre-loaded software to "monitor the performance of the machine and to find out how it is being used".

Samsung quickly denied it was doing anything of the sort before issuing a more detailed statement saying that the confusion stemmed from the installation of the Microsoft Live! application suite. The Slovenian language version of the suite creates a folder called C:\Windows\SL, the same folder name as is used by the StarLogger application and it was this that was causing alarm bells to ring.

Testing by antivirus researchers this morning confirmed that VIPRE Antivirus detects 'StarLogger' after creating a 'SL' folder on a clean PC. Even an empty folder with no files in it creates this behaviour, as illustrated in a test screenshot here.

Although the whole incident (which excited a great deal of commentary from antivirus vendors – examples here and here) has therefore been revealed as a false alarm, encountered in good faith, it does raise a couple of secondary questions. Firstly, why VIPRE Antivirus, from GFI Software, detects malware in empty folders simply because of their name, and secondly about the quality of information provided by Samsung's tech support staff. ®

Update

GFI, which publishes VIPRE, has confirmed that the whole kerfuffle was down to a false alarm.

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Blood-crazed Microsoft axes Trustworthy Computing Group
Security be not a dirty word, me Satya. But crevice, bigod...
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.