Samsung Keylogger Stories a False Alarm

← Back to Stories (view on slashdot.org)

Samsung Keylogger Stories a False Alarm

Posted by CmdrTaco on Thursday March 31, 2011 @01:31AM from the everyone-sit-down-and-chill-out dept.

Trailrunner7 writes "The panic that arose yesterday about Samsung allegedly shipping laptops that contained a pre-installed keylogger turns out to have been a complete mistake after further investigation by security researchers and the company itself. In fact, the controversy was the result of a false positive from one commercial antimalware suite and nothing else. Several outlets reported on Wednesday that Samsung laptops had been found to contain a keylogger known as StarLogger right out of the box from the factory. However, upon closer inspection by security companies, the folder on the laptops that supposedly contained the malware was actually a directory that is part of Windows' multi-language support."

4 of 183 comments (clear)

Min score:

Reason:

Sort:

epic FAIL by pasv · 2011-03-31 01:36 · Score: 5, Insightful

We believed someone who used a 3rd rate antivirus and didnt verify with a kernel debugger? FAIL on all our parts especially the "security researcher" who so thoroughly researched this one
1. Re:epic FAIL by cf18 · 2011-03-31 01:59 · Score: 5, Interesting
  
  Indeed.
  - an antivirus software that rise alarm base on a two letter directory name inside \Windows , even when it is empty.
  - a "security researcher" that take the alarm at face value and never check if is actually there, check if the process run, what kind of content it was logging and where it is sending them.
  - a low level support manager confirm the software's existence, probably thinking about the fan speed and temperature monitoring software.
Re:So much for being a CISA CISSP MSIA ... by sglane81 · 2011-03-31 02:36 · Score: 5, Insightful

Not to mention these gems:

I installed ... security software ... The scan found two instances of a commercial keylogger called StarLogger ... This key logger is completely undetectable ...
So, this program found something which couldn't be found. Check.

After an in-depth analysis of the laptop, my conclusion was that this software was installed by the manufacturer, Samsung. I removed the keylogger software, cleaned up the laptop
Removed the keylogger by removing the folder? Check.

I found the same StarLogger software in the c:\windows\SL folder of the new laptop. The findings are false-positive proof since I have used the tool that discovered it for six years now and I am yet to see it misidentify an item throughout the years.
So, "false-positive proof." Good to know that your extensive experience running an anti-virus program has yielded perfect results. Don't worry about the fact that you don't actually know what you're talking about.

... logged incident 2101163379 with Samsung Support (SS). First, as Sony BMG did six years ago, the SS personnel denied ... SS changed its story ... SS personnel relented and escalated the incident ...
Can we claim Godwin here? I have a feeling Samsung Support doesn't refer to itself as the SS.
You obviously have some kind of agenda, Mohamed Hassan, MSIA, CISSP, CISA. I know now to never trust anything NetSec Consulting Corp does. Also, congrats on being an "adjunct professor of Information Systems in the School of Business at the University of Phoenix."

--
This is the Internet. You can say "fuck" here. - AC
Knee-jerk response is awesome by ashidosan · 2011-03-31 03:41 · Score: 5, Informative

John Graham-Cumming has an excellent, level-headed response to Mohamed Assan's entire "research."
Also confirmed at F-Secure.