Samsung installs keylogger on its laptops
User discovers that Samsung is pre-loading keyloggers on its laptop
computers.
[UPDATE: Samsung has launched an investigation into the matter and is
working with Mich Kabay and Mohamed Hassan in the investigation. Samsung
engineers are collaborating with the computer security expert, Mohamed
Hassan, MSIA, CISSP, CISA, with faculty at the Norwich University Center for
Advanced Computing and Digital Forensics, and with the antivirus vendor
whose product identified a possible keylogger (or which may have issued a
false positive). The company and the University will post news as fast as
possible on Network World. A Samsung executive is personally delivering a
randomly selected laptop purchased at a retail store to the Norwich
scientists. Prof. Kabay praises Samsung for its immediate, positive and
collaborative response to this situation.]

A user discovered a keylogger pre-installed on two brand-new Samsung laptops
that the company admitted was there to "monitor the performance of the
machine and to find out how it is being used."

Mohamed Hassan wrote in Mich Kabay's Security Strategies newsletter that as
soon as he received his Samsung R525 laptop, he ran a full system scan and
found a commercial keylogger called StarLogger.

StarLogger claims it records every keystroke made on the computer, even on
password-protected boxes, starting up whenever the computer starts up. The
software emails results at intervals to a specified email address and will
even include screen captures.

Hassan ended up buying a second Samsung laptop, a model R540, and found the
same keylogger installed on that one.

"The fact that on both models the same files were found in the same location
supported the suspicion that the hardware manufacturer, Samsung, must know
about this software on its brand-new laptops," he writes.

Hassan reports that at first Samsung Support personnel denied that they
installed the software and directed him to Microsoft, but then eventually
admitted that Samsung was responsible.

As Hassan notes, the incident is reminiscent of the Sony BMG rootkit fiasco
of 2005. At the time, Sony BMG used a rootkit to monitor computer user
behavior and limit how music CDs were used on the computer.

Kabay says that Samsung has not responded to further requests for comment.

"FredW" <fredw@blackholespam.net> wrote in message
news:uvu8p6t6gbtp0t6mlr4top13qn8iunapcg@4ax.com...
On Thu, 31 Mar 2011 13:44:41 +0100, "Mr. Slow"
<millenniumgold@btinternet.invalid> wrote:

>Oops . . . missed the link!
>
>http://www.networkworld.com/newslett...32811sec2.html
>
>
>-- Remove ".invalid" and replace with ".com" to reply

Someone who is not able to recognize a "false positive".
http://www.zdnet.com/blog/hardware/s...positive/12128

--
Fred W. (NL)