Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Samsung rootkit was a Vipre false positive

March 31st 2011 in Uncategorized

http://sunbeltblog.blogspot.com/2011/03/samsung-laptops-do-not-have-keylogger.html

That is all well and good, but what about this claim on networkworld.com:

The supervisor who spoke with me was not sure how this software ended up in the new laptop thus put me on hold. He confirmed that yes, Samsung did knowingly put this software on the laptop to, as he put it, "monitor the performance of the machine and to find out how it is being used."

and

We contacted three public relations officers for Samsung for comment about this issue and gave them a week to send us their comments. No one from the company replied.

My thoughts:

  1. Why did the “supervisor” confirm that Samsung were using a rootkit?
  2. Why did Samsung fail to respond to networkworld?

So what did we learn from this incident?

  1. Heuristic detections based on directory path MUST be regularly re-reviewed.  As far as I can tell after a bit of research, the …\Windows\SL directory has been in use since about October 2010.
  2. If a reporter contacts you claiming to have found a virus in your product, DON’T IGNORE HIM.
  3. The “supervisor” needs training.
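
The first lesson above, as an added example (not code from Vipre, Sunbelt or the original report): a rule that fires on the Windows\SL directory alone, next to one that treats the path as a hint and requires a content match, plus the re-review step of running each rule over known-clean trees. The rule functions, the hash set and the file names are assumptions, and all sample data is constructed.

```python
import hashlib
import os
import tempfile

SUSPECT_DIR = os.path.join("Windows", "SL")   # directory named in the post
# Constructed stand-in for a sample's content; not a real indicator.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"constructed-sample-bytes").hexdigest()}

def path_only_rule(root):
    """Weak heuristic: fires as soon as the directory exists."""
    return os.path.isdir(os.path.join(root, SUSPECT_DIR))

def corroborated_rule(root):
    """Path is only a hint; fire when a file inside matches a known hash."""
    target = os.path.join(root, SUSPECT_DIR)
    for dirpath, _dirs, files in os.walk(target):  # yields nothing if absent
        for name in files:
            try:
                with open(os.path.join(dirpath, name), "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                continue  # unreadable file: no evidence either way
            if digest in KNOWN_BAD_SHA256:
                return True
    return False

def false_positives(rule, clean_roots):
    """Re-review step: a rule must stay silent on every known-clean image."""
    return [root for root in clean_roots if rule(root)]

def make_tree(base, name, files):
    """Build a constructed file tree from {relative path: bytes}."""
    root = os.path.join(base, name)
    for rel, data in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return root

def demo():
    with tempfile.TemporaryDirectory() as base:
        clean = make_tree(base, "clean", {
            os.path.join(SUSPECT_DIR, "resources.dat"): b"benign data"})
        infected = make_tree(base, "infected", {
            os.path.join(SUSPECT_DIR, "sample.bin"): b"constructed-sample-bytes"})
        return {
            "path_only_fp": len(false_positives(path_only_rule, [clean])),
            "corroborated_fp": len(false_positives(corroborated_rule, [clean])),
            "corroborated_hit": corroborated_rule(infected),
        }
```

Running false_positives over a refreshed set of clean images on a schedule is what catches a path that a legitimate product has started using since the rule was written.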

Updated original news report:
http://www.networkworld.com/newsletters/sec/2011/032811sec2.html

