By
updated 3/31/2011 2:11:42 PM ET 2011-03-31T18:11:42

As the confused character Emily Litella would have said in Gilda Radner’s famous “Saturday Night Live” skits — never mind.

The keylogging spyware detected on two Samsung laptops by an independent security researcher was probably the result of a “false positive” by VIPRE antivirus software.

“Samsung Laptops do not have a keylogger (and it was our fault),” read a blog posting Thursday by GFI, the Cary, N.C., security vendor that makes and markets VIPRE.

The posting went on to explain how a Slovenian language pack for Windows could have been mistaken for StarLogger, a commercial product that secretly records keystrokes and screenshots and sends them to a remote observer.

Installation of either package could create a folder called “SL” in the Windows directory.

“It’s not common knowledge,” GFI’s blog posting said, “but folder path detections are actually used by a good number of antimalware products, but are generally frowned upon as a folder that looks clearly like one for malware has the potential of generating just this kind of result — a false positive.”

A Samsung spokesperson gave SecurityNewsDaily the following statement:

"Reports that a keylogger was installed in Samsung laptops are not true. Our findings indicate that the person mentioned in the article used a security program called VIPRE that mistook a folder created by Microsoft Live Application for a key logging software, during a virus scan."

Toronto-based researcher Mohamed Hassan’s guest postings on NetworkWorld Wednesday (March 30) created ripples across the information security world, since they appeared to show proof that a major computer company had been secretly pre-installing spyware.

Hassan said a Samsung employee had told him that the keylogger had been put there to “monitor performance.”

Hassan’s story on NetworkWorld was been updated Thursday to reflect the possibility of a false positive and to state that Samsung was working with Hassan and GFI to investigate the matter. It did not confirm whether Hassan had used VIPRE on his laptops.

© 2012 SecurityNewsDaily. All rights reserved

Discuss:

Discussion comments

,

Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments