As the confused character Emily Litella would have said in Gilda Radner’s famous “Saturday Night Live” skits — never mind.
The keylogging spyware detected on two Samsung laptops by an independent security researcher was probably the result of a “false positive” by VIPRE antivirus software.
“Samsung Laptops do not have a keylogger (and it was our fault),” read a blog posting Thursday by GFI, the Cary, N.C., security vendor that makes and markets VIPRE.
The posting went on to explain how a Slovenian language pack for Windows could have been mistaken for StarLogger, a commercial product that secretly records keystrokes and screenshots and sends them to a remote observer.
Installation of either package could create a folder called “SL” in the Windows directory.
“It’s not common knowledge,” GFI’s blog posting said, “but folder path detections are actually used by a good number of antimalware products, but are generally frowned upon, as a folder that looks clearly like one for malware has the potential of generating just this kind of result — a false positive.”
A Samsung spokesperson gave SecurityNewsDaily the following statement:
"Reports that a keylogger was installed in Samsung laptops are not true. Our findings indicate that the person mentioned in the article used a security program called VIPRE that mistook a folder created by Microsoft Live Application for a key logging software, during a virus scan."
Toronto-based researcher Mohamed Hassan’s guest postings on NetworkWorld Wednesday (March 30) created ripples across the information security world, since they appeared to show proof that a major computer company had been secretly pre-installing spyware.
Hassan said a Samsung employee had told him that the keylogger had been put there to “monitor performance.”
Hassan’s story on NetworkWorld was been updated Thursday to reflect the possibility of a false positive and to state that Samsung was working with Hassan and GFI to investigate the matter. It did not confirm whether Hassan had used VIPRE on his laptops.
