[Final Update... I think -  THERE WAS NO KEYSTROKE LOGGER please see https://www.welivesecurity.com/2011/03/31/samsung-and-i-got-bit-by-a-vipre to find out what happened.]

[Update - There will be a new blog about this incident. I relied upon the information at http://www.networkworld.com/newsletters/sec/2011/040411sec1.html that Samsung had confirmed the presence of the keystroke logger in asserting that the laprops were infected. Since then Samsung has asserted that the laptops were not infected and that appears to be the case. -Randy]

[Update: it looks likely that this story arises from a misunderstanding on the part of the orignal researcher, due to a spectacular false positive on the part of a scanner he was using. Not ESET's, we hasten to add! ]

If you have a Samsung computer check it out. If there is a directory called c:windowsSL. This is a directory used to house a commercial keystroke logger that it appears Samsung is using to steal your passwords, screen shots, and other data.

An article at http://www.networkworld.com/newsletters/sec/2011/032811sec2.html details how Norwich University graduate Mohamed Hassan found the keystroke loggers on 2 brand new Samsung laptops.

If you own a Samsung computer and find the keystroke logger on your computer, you will need to uninstall it, and then change all of your passwords. Also keep your eyes open for a class action lawsuit, you probably will be entitled to compensation.

Hopefully the management at Samsung will not be as ignorant as Sony BMG’s president of global digital business when he tried to defend Sony’s rootkit blunder by explaining "Most people don't even know what a rootkit is, so why should they care about it?" There was good reason to worry and even more reason to worry about Samsung collecting your passwords.

Randy Abrams
Director of Technical Education
Cyber Threat Analysis Center
ESET North America