Updated 3/31/2011: Added Samsung's official response claiming that the findings of Mohamed Hassan are false and included link to details of VIPRE error message that caused the StarLogger false positive.
It's deja vu all over again: Yet another company has been caught installing spyware on PCs to collect information about users. This time around it's Samsung, who -- thanks to some sharp detective work by security researcher Mohamed Hassan (as told to Network World) -- was discovered to have pre-installed a commercial key-logging app called StarLogger on multiple Samsung laptops. At press time it was unclear how large the scope of the keylogger distribution is and which specific Samsung laptops include the software, but it is clear that yet another corporation has received a black eye by not being mindful of consumer privacy.
The afternoon of 3/30 I emailed Samsung PR about the Network World story and received the following response from a Samsung spokesperson:
"Samsung takes Mr. Hassan’s claims very seriously. After learning of the original post this morning on NetworkWorld.com, we launched an internal investigation into this issue. We will provide further information as soon as it is available."
The morning of 3/31 I received yet another email from Samsung public relations, and this one disputed the original report and claimed that Hassan's findings were in error. Samsung's Korean webpage has a more detailed response from Samsung (with VIPRE screengrab) here.
“Reports that a keylogger was installed in Samsung laptops are not true. Our findings indicate that the person mentioned in the article used a security program called VIPRE that mistook a folder created by Microsoft Live Application for a key logging software, during a virus scan.”
Why deja vu? Security expert, former Windows IT Pro contributor, and Microsoft Technical Fellow Mark Russinovich broke the news about Sony BMG installing a rootkit via their music CDs as part of a digital rights management (DRM) scheme back in the Fall of 2005. Russinovich later authored an article for Windows IT Pro about unearthing rootkits, and also co-developed (with Bryce Cogswell) software called Rootkit Revealer (download) that requires Windows XP or Windows Server 2003 (32-bit versions only) and searches for rootkit software.
Russinovich and Cogswell also developed Process Monitor (download) -- available for Windows XP and higher or Windows Server 2003 and higher -- a handy monitoring utility that reveals real-time thread, process, registry and file-system activity, which can be useful in finding things like rootkits and keyloggers.
What do you think about Samsung keylogger incident? Give me your take by commenting on this blog post or following me and starting a discussion on Twitter.
