Thursday, March 31, 2011

Samsung Keylogger Reports Due To False Positive

Reports published on several major sites yesterday about a potentially damaging keylogger being pre-installed on brand-new Samsung laptops have now been refuted as being nothing more than a false positive, some overzealous, perhaps even poor reporting and apologies have now been issued.

Mohamed Hassan the founder of NetSec Consulting Corp, a firm that specializes in information security consulting services. wrote in Mich Kabay’s Security Strategies newsletter that as soon as he received his Samsung R525 laptop, he ran a full system scan and found a commercial keylogger called StarLogger. Upon returning the laptop for another again ran similar scans detecting the same keylogger.

Without any other corroboration or verification from other sources NetworkWorld ran with Hassan's story which was picked up by several other major news outlets creating a major stir. The problem being no one worked to verify the reports, rather they took them on face value and spread the false information like oil on water.

GFI Labs, the maker of VIPRE, has issued an explanation and apology for generating the false positives that led to these articles: "We apologize to the author Mohamed Hassan, to Samsung, as well as any users who may have been affected by this false positive."

"The confusion arose because VIPRE mistook Microsoft's Live Application multi-language support folder, "SL" folder, as StarLogger. (Depending on the language, under C:\windows folders "SL" for Slovene, "KO" for Korean, "EN" for English are created."

Researchers at other antimalware companies confirmed early today that the original detection that led to the confusion was indeed a false positive.

Personally I think Samsung should look to hold someone accountable. Right from the start this looked very suspect to me. One report from a guy that buys two machines from one store hardly lent any credibility to the claims that Samsung was at fault. Back that by the fact that not one of the news outlets that ran the story, nor Mr. Hassan himself, tried to get corroboration from any outside sources and you had the making of some seriously bad reporting.

No comments:

Post a Comment

All comments will be moderate for content, please be patient as your comment will appear as soon as it has been reviewed.

Thank you