False alarm over an alleged Samsung Trojan
Source: AV-Test
On Wednesday, the US news site NetworkWorld posted a dramatic story that Samsung was supposedly installing keyloggers on laptops it sold. The story turns out to be a false alarm from the VIPRE anti-virus software.
The story was extremely thin from the beginning. The alleged security expert Mohamed Hassan says that he discovered the StarLogger keylogger on two newly purchased Samsung notebooks. He presented only one technical indication for this allegation: an alarm raised by unnamed anti-virus software. Apparently the idea of a false alert did cross Hassan's mind, but he dismissed it. He even called the findings "false-positive proof" because he had used the software for six years and it had never incorrectly identified anything for him. He additionally quoted Samsung support staff as apparently confessing that this software was installed by Samsung.
In the meantime, Samsung asserts that it did nothing of the sort. It was working with Hassan to find the cause of the alarm message from the VIPRE anti-virus software and has now established what happened. The virus lab AV-Test confirmed to The H's associates at heise Security that the mere existence of the directory C:\Windows\SL is sufficient to generate the alarm pictured top-right. The directory is created by the Microsoft Live Slovenian language files.
Interestingly, NetworkWorld did not, at least in any obvious fashion, perform further technical analysis of the alarm such as examining the "infected" system and searching for the hook used to eavesdrop on keystrokes. Various well-known security experts passed the news item on via Twitter and several news services carried the story.