Samsung laptops dubbed clean after false alarm

Share this article:
Samsung's reputation has been cleared after several reports Wednesday wrongly accused the company of selling laptops containing keylogging software capable of recording anything a user typed.

The misunderstanding began after Network World on Thursday published an article, written by security researcher Mohamed Hassan, in which he claimed he had purchased two brand new Samsung laptops that were infected with a commercial keylogger called “StarLogger.”

Adding to the confusion, Hassan said he placed an incident report with Samsung on March 1 and during the call a support supervisor said that the company put the software on the laptop to, “'monitor the performance of the machine and to find out how it is being used,'” according to the article.

Samsung has since denied that its laptops were sold with the keylogger program.

“Reports that a keylogger was installed in Samsung laptops are not true,” a Samsung spokesman told SCMagazineUS.com in an email statement Thursday. “Our findings indicate that the person mentioned in the article used a security program called VIPRE that during a virus scan mistook a folder created by Microsoft Live Application for keylogging software.”

VIPRE is an anti-virus program produced by GFI Software.

Anti-virus firm F-Secure also independently tested several Samsung laptop models and found no keyloggers. The firm tested six Samsung models, including R540, the model mentioned in Hassan's report, and all were clean.

“Until proven otherwise, we don't believe Samsung has been installing keyloggers on their laptops by default,” Mikko Hypponen, chief research officer at F-Secure, wrote in a blog post Thursday.

In the original Network World article, which has since been updated, Hassan said he became aware of the issue last month after purchasing a new Samsung R525 laptop. A security scan of the machine turned up two instances of the StarLogger keylogger, which he scrubbed off the machine. After experiencing problems with the laptop, Hassan said he brought it back to the store and purchased the more powerful Samsung R540 model laptop, on which he found the same keylogger.

“The findings are false-positive proof since I have used the tool that discovered it for six years now and I am yet to see it misidentify an item throughout the years,” the researcher claimed.

But according to GFI, Hassan's findings were indeed based on a false positive. The company has apologized.

“False positives do happen. It's inevitable, and like all anti-virus companies, we continually strive to improve our detections while reducing any chance of a false positive,” Alex Eckelberry, general manager of GFI Security, wrote in a blog post Thursday. “This one (admittedly, an incredibly embarrassing one) made it through our processes.”

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical ...

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm ...

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.