GFI apologises to Samsung over keylogger software misunderstanding

According to Paul Mutton, a security researcher with Netcraft, "the mere existence of this folder causes some anti-virus software to incorrectly report the presence of the commercial Starlogger keylogging software, even if the software is not actually installed."

The situation, Infosecurity notes, appears to be a classic case of a false positive being generated by IT security software, triggering a rash of newswire reports – and retractions – as the developments unfolded.

According to Networkworld, the saga resulted when "Mohamed Hassan wrote in Mich Kabay's Security Strategies newsletter that as soon as he received his Samsung R525 laptop, he ran a full system scan and found a commercial keylogger called StarLogger."

"Hassan ended up buying a second Samsung laptop, a model R540, and found the same keylogger installed on that one", says the newswire.

"The fact that on both models the same files were found in the same location supported the suspicion that the hardware manufacturer, Samsung, must know about this software on its brand-new laptops", Hassan reportedly wrote in the newsletter.

F-Secure's chief research officer, Mikko Hypponen, was one of the first IT security specialists to check the assertions over the Samsung laptops and realise what had happened.

The whole incident, says Hypponen, was caused by a false alarm triggered by GFI's VIPRE Antivirus product.

"Apparently VIPRE detects the StarLogger keylogger by searching for the existence of a directory called 'SL' in the root of the Windows directory. This is a bad idea", he said in his security blog.

"Unfortunately Mohamed Hassan, who did the original analysis, did not double-check his findings and blamed Samsung instead. Apparently he did not look at the contents of the 'SL' folder at all", he added.

"Samsung is innocent", he concluded.
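The false positive Hypponen describes can be reproduced in miniature. The sketch below is an added example, not code from GFI, F-Secure or Infosecurity: it contrasts a check for the mere existence of an 'SL' folder with a check that inspects the folder's contents. The sample bytes, the hash set, the file names and the function names are all constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed stand-in for a keylogger binary; NOT a real StarLogger sample.
FAKE_SAMPLE = b"constructed-keylogger-sample-for-demo"
# Hypothetical signature set: SHA-256 digests of known-bad files.
KNOWN_BAD_SHA256 = {hashlib.sha256(FAKE_SAMPLE).hexdigest()}


def path_only_detect(windows_dir):
    """Heuristic described in the article: flag if <windows>/SL exists."""
    return (Path(windows_dir) / "SL").is_dir()


def content_detect(windows_dir, bad_hashes=KNOWN_BAD_SHA256):
    """Return only the files under <windows>/SL whose content matches a signature."""
    folder = Path(windows_dir) / "SL"
    if not folder.is_dir():
        return []
    hits = []
    for f in sorted(folder.rglob("*")):
        if f.is_file() and hashlib.sha256(f.read_bytes()).hexdigest() in bad_hashes:
            hits.append(f)
    return hits


def build_tree(root, files):
    """Create a constructed <root>/Windows/SL tree holding the given files."""
    sl = Path(root) / "Windows" / "SL"
    sl.mkdir(parents=True)
    for name, data in files.items():
        (sl / name).write_bytes(data)
    return Path(root) / "Windows"


def demo():
    """Return (path-only verdict, number of content hits) for each scenario."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        # Both trees are constructed: one benign 'SL' folder, one with the fake sample.
        clean = build_tree(Path(tmp) / "clean", {"resources.dll": b"benign data"})
        infected = build_tree(Path(tmp) / "infected", {"logger.exe": FAKE_SAMPLE})
        for name, win in (("clean", clean), ("infected", infected)):
            results[name] = (path_only_detect(win), len(content_detect(win)))
    return results


if __name__ == "__main__":
    print(demo())
```

The path-only check returns the same verdict for both trees, so it cannot tell a benign folder from an infected one; only the content check separates them.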

 
