Submission + - Samsung installs keylogger on its laptop computers (networkworld.com)
NetSurferHI writes: Apparently Samsung thinks it is ok to capture every keystroke you type in on your Samsung laptop. From the Network World article by M. E. Kabay and Mohamed Hassan Mohamed Hassan:
"While setting up a new Samsung computer laptop with model number R525 in early February 2011, I came across an issue that mirrored what Sony BMG did six years ago. After the initial set up of the laptop, I installed licensed commercial security software and then ran a full system scan before installing any other software. The scan found two instances of a commercial keylogger called StarLogger installed on the brand new laptop. Files associated with the keylogger were found in a c:\windows\SL directory.
According to a Starlogger description, StarLogger records every keystroke made on your computer on every window, even on password protected boxes.
This key logger is completely undetectable and starts up whenever your computer starts up. See everything being typed: emails, messages, documents, web pages, usernames, passwords, and more. StarLogger can email its results at specified intervals to any email address undetected so you don't even have to be at the computer your[sic] are monitoring to get the information. The screen capture images can also be attached automatically to the emails as well as automatically deleted.
After an in-depth analysis of the laptop, my conclusion was that this software was installed by the manufacturer, Samsung. I removed the keylogger software, cleaned up the laptop, and continued using the computer. However, after experiencing problems with the video display driver, I returned that laptop to the store where I bought it and bought a higher Samsung model (R540) from another store.
Again, after the initial set up of the laptop, I found the same StarLogger software in the c:\windows\SL folder of the new laptop. The findings are false-positive proof since I have used the tool that discovered it for six years now and I am yet to see it misidentify an item throughout the years. The fact that on both models the same files were found in the same location supported the suspicion that the hardware manufacturer, Samsung, must know about this software on its brand-new laptops.
[Mich Kabay adds:]
Research online brought up a discussion of "Samsung rootkit" from May 2010 in which contributors reported a freeze on rootkit scans of Samsung laptop computers. However, no one seems to have reported a StarLogger installation as far as we have been able to determine using Web search engines.
In the next article, Mr Hassan discusses how Samsung responded to his discovery.
"While setting up a new Samsung computer laptop with model number R525 in early February 2011, I came across an issue that mirrored what Sony BMG did six years ago. After the initial set up of the laptop, I installed licensed commercial security software and then ran a full system scan before installing any other software. The scan found two instances of a commercial keylogger called StarLogger installed on the brand new laptop. Files associated with the keylogger were found in a c:\windows\SL directory.
According to a Starlogger description, StarLogger records every keystroke made on your computer on every window, even on password protected boxes.
This key logger is completely undetectable and starts up whenever your computer starts up. See everything being typed: emails, messages, documents, web pages, usernames, passwords, and more. StarLogger can email its results at specified intervals to any email address undetected so you don't even have to be at the computer your[sic] are monitoring to get the information. The screen capture images can also be attached automatically to the emails as well as automatically deleted.
After an in-depth analysis of the laptop, my conclusion was that this software was installed by the manufacturer, Samsung. I removed the keylogger software, cleaned up the laptop, and continued using the computer. However, after experiencing problems with the video display driver, I returned that laptop to the store where I bought it and bought a higher Samsung model (R540) from another store.
Again, after the initial set up of the laptop, I found the same StarLogger software in the c:\windows\SL folder of the new laptop. The findings are false-positive proof since I have used the tool that discovered it for six years now and I am yet to see it misidentify an item throughout the years. The fact that on both models the same files were found in the same location supported the suspicion that the hardware manufacturer, Samsung, must know about this software on its brand-new laptops.
[Mich Kabay adds:]
Research online brought up a discussion of "Samsung rootkit" from May 2010 in which contributors reported a freeze on rootkit scans of Samsung laptop computers. However, no one seems to have reported a StarLogger installation as far as we have been able to determine using Web search engines.
In the next article, Mr Hassan discusses how Samsung responded to his discovery.
