Mar 31, 2011 10:45 GMT

Samsung has investigated claims that at least two of its laptop models were shipped preloaded with a keylogger and dismissed the incident as the result of an antivirus false positive detection.

NetSec Consulting Corp founder Mohamed Hassan reported yesterday that two laptop models from Samsung, namely R525 and R540, come infected with a keylogger.

Mr. Hassan based his report on an alert from an antivirus program which detected the StarLogger malware in the "C:\WINDOWS\SL" directory.

The security professional compared the incident to Sony's bundling of a rootkit for copy protection purposes on CDs in 2005.

The scandal resulting from that decision and the class action lawsuits that followed ended up costing Sony over $500 million.

Samsung immediately launched an investigation and determined that the folder in question is part of the Slovenian language support for Microsoft’s Live application.

The false positive alert was generated by VIPRE Antivirus, a product developed by GFI Security (formerly Sunbelt). The company has since admitted and fixed the error.

"The detection was based off of a rarely-used and aggressive VIPRE detection method, using folder paths as a heuristic. I want to emphasize 'rarely', as these types of detections are seldom used, and when they are, they are subject to an extensive peer review and QA process," explained Alex Eckelberry, general manager of GFI Security.
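The false positive described above can be reproduced in miniature. The following is an added example, not VIPRE's code or part of the original report: it contrasts a rule that alerts on the folder path alone with one that also requires a known-bad content hash. The file names, file contents and hash set are constructed, and hash matching is an assumed stand-in for whatever corroboration a real engine applies.

```python
import hashlib
from pathlib import PureWindowsPath

# Folder named in the article; the path-only rule keys on nothing else.
SUSPECT_DIR = PureWindowsPath(r"C:\WINDOWS\SL")

# Constructed stand-in for a known-bad file body; not a real sample or IoC.
BAD_BODY = b"constructed-keylogger-body"
KNOWN_BAD_SHA256 = {hashlib.sha256(BAD_BODY).hexdigest()}


def in_suspect_dir(path: str) -> bool:
    """True if path is the suspect folder or sits below it (case-insensitive)."""
    p = PureWindowsPath(path)
    return p == SUSPECT_DIR or SUSPECT_DIR in p.parents


def path_only_verdict(files: dict[str, bytes]) -> bool:
    """Aggressive heuristic: any file under the folder is enough to alert."""
    return any(in_suspect_dir(path) for path in files)


def corroborated_verdict(files: dict[str, bytes]) -> list[str]:
    """Alert only on files under the folder whose content hash is known bad."""
    return sorted(
        path for path, body in files.items()
        if in_suspect_dir(path)
        and hashlib.sha256(body).hexdigest() in KNOWN_BAD_SHA256
    )


# Constructed inventories (file names and contents are invented).
LANGUAGE_PACK = {
    r"C:\Windows\sl\resources.dll": b"constructed-localized-strings",
    r"C:\Windows\sl\help.chm": b"constructed-help-file",
}
INFECTED = {
    r"C:\WINDOWS\SL\sample.exe": BAD_BODY,
    r"C:\WINDOWS\System32\notepad.exe": b"constructed-unrelated-file",
}

if __name__ == "__main__":
    for name, inv in (("language pack", LANGUAGE_PACK), ("infected", INFECTED)):
        print(name, path_only_verdict(inv), corroborated_verdict(inv))
```

The path-only rule alerts on both inventories, while the corroborated rule reports only the file whose hash is in the known-bad set.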

Security researchers from F-Secure also confirmed that this is a false positive detection, so it seems the security industry cleared Samsung of any shady behavior.

However, false positives can be a problem for businesses. Two years ago we wrote about one case where the sales of a UK online florist shop dropped by 50% after its legit marketing emails were tagged as infected by MessageLabs (now part of Symantec).

There are also cases when devices do indeed ship preloaded with malware, but intentionally. Such was the case of Vodafone Spain, which delivered 3,000 phones with infected microSD cards last year.