Samsung Laptop 'Infection' a False Alarm

Dennis Faas's picture

A computer security company has apologized after its software mistakenly reported that new Samsung laptops carry malicious software. The confusion was due to security software labeling a legitimate folder directory as being infected.

The claims were first made by tech writer Mohamed Hassan in an article for Network World. He wrote on Monday that after buying a new Samsung laptop, he ran a security software check and found two cases of a keylogger known as Starlogger.

A keylogger is a malicious application that records all keystrokes made by the user and returns them to the application's creator, the idea being that they can then pull out user names and passwords, along with any other sensitive information the user may have typed.

Writer Claims No Doubt About Findings

Hassan said he carried out an "in-depth analysis of the laptop" and concluded "that this software was installed by the manufacturer, Samsung."

He later returned the computer to the store and bought a different Samsung model, only to find that too appeared to carry the keylogger. Hassan confidently wrote that his findings were "false-positive proof" and that he had a suspicion that Samsung "must know about the software on its brand-new laptops."

He claimed that a supervisor who he spoke to on a Samsung support phoneline confirmed the company had put the software on the laptop, and thus concluded his writing with "Good luck, Samsung! We see a class-action lawsuit in your future..." (Source:

No doubt Hassan's writing would have been a major scoop, if it were accurate. Unfortunately for Hassan, that wasn't the case.

Legit & Bogus Software Share Same Address

Samsung responded to the story by setting up a joint investigation with GFI Sunbelt Software, the manufacturers of the security software Hassan had used. GFI later confirmed the "keylogger finding" was indeed a false positive.

A few years back, the Starlogger Trojan installed itself in the directory C:\WINDOWS\SL. GFI's VIPRE, a malware-detection product sold by GFI, then added this to its security checklist, such that any computer which contained this directory would be flagged as infected.

Flash forward a few year later, and Microsoft's own Windows Live software began using the exact same directory to install Slovenian language files. It was that directory -- which appeared when Samsung installed Windows Live on its machines before putting them on the shelves -- that triggered the virus infection warning. (Source:

An Incredibly Embarrassing Error

It seems to be a case of embarrassment all round. Network World claims Samsung was given a week to address the problem before the article was published and didn't do so: if that's the case, it certainly missed a chance to avoid the confusion.

GFI has apologized to all concerned for what it calls an "incredible embarrassing" error.

Rate this article: 
No votes yet