Samsung rootkit was a Vipre false positive
http://sunbeltblog.blogspot.com/2011/03/samsung-laptops-do-not-have-keylogger.html
That is all well and good, but what about this claim on networkworld.com:
and
My thoughts:
- Why did the “supervisor” confirm that Samsung were using a rootkit?
- Why did Samsung fail to respond to networkworld?
So what did we learn from this incident?
- Heuristic detections based on directory path MUST be regularly re-reviewed. As far as I can tell after a bit of research, the …\Windows\SL directory has been in use since about October 2010.
- If a reporter contacts you claiming to have found a virus in your product, DON’T IGNORE HIM.
- The “supervisor” needs training.
Updated original news report:
http://www.networkworld.com/newsletters/sec/2011/032811sec2.html