UPDATE - Samsung selling notebook with pre-installed keylogger? No, it's not!

Here's an interesting (and worrying) story - keylogger discovered on Samsung R525 and R540.
Written by Adrian Kingsley-Hughes, Senior Contributing Editor

[UPDATE: Confirmation that this 'keylogger' is in fact a false-positive.]

Here's an interesting (and worrying) story - keylogger discovered on Samsung R525 and R540.

The keylogger was discovered by Mohamed Hassan, MSIA, CISSP, CISA graduated from the Master of Science in Information Assurance (MSIA) program from Norwich University in 2009:

While setting up a new Samsung computer laptop with model number R525 in early February 2011, I came across an issue that mirrored what Sony BMG did six years ago. After the initial set up of the laptop, I installed licensed commercial security software and then ran a full system scan before installing any other software. The scan found two instances of a commercial keylogger called StarLogger installed on the brand new laptop. Files associated with the keylogger were found in a c:\windows\SL directory.

According to a Starlogger description, StarLogger records every keystroke made on your computer on every window, even on password protected boxes.

So how did this keylogger find its way onto a Samsung notebook? Is it a virus? According to Samsung Support, no. Here's what Hassan says Samsung Support had to say:

The supervisor who spoke with me was not sure how this software ended up in the new laptop thus put me on hold. He confirmed that yes, Samsung did knowingly put this software on the laptop to, as he put it, "monitor the performance of the machine and to find out how it is being used."


If you've got a Samsung notebook, I'd rush out and scan it with a decent AV tool IMMEDIATELY!

[UPDATE: Samsung claims that the results obtained by Hassan are false positives:

The statements that Samsung installs keylogger on R525 and R540 laptop computers are false.

The confusion arose because VIPRE mistook Microsoft's Live Application multi-language support folder, "SL" folder, as StarLogger.

Our findings indicate that the person mentioned in the article used a security program called VIPRE that mistook a folder created by Microsoft's Live Application for a key logging software, during a virus scan.

The takeaway here should be that it's worthwhile scanning new systems for malware before deploying them (more readers here will have access to multiple standalone scanners such as this or this), just in case. Also, I'm surprised that Samsung didn't work with NetworkWorld to get to the bottom of this issue before the story ran.]

Editorial standards