facebook rss twitter

Botnet found on Vodafone HTC Magic

by Scott Bicheno on 9 March 2010, 15:58

Tags: Panda, HTC (TPE:2498), Vodafone (LON:VOD)

Quick Link: HEXUS.net/qawjl

Add to My Vault: x

Bad butterfly

As smartphones become both smarter and more ubiquitous, we should expect bad guys to target them more for malware infestation.

A Spanish employee of security software Panda - which has been keeping an eye on the massive new botnet ‘Mariposa' (Spanish for butterfly) - apparently got a nasty surprise when she connected her new, Android-based and Vodafone-supplied HTC Magic to her PC.

It initiated some autorun programmes, which set-off her Panda antivirus, according to a recent Panda blog post. Further inspection revealed the malware the phone was infested with was a Mariposa bot client. Furthermore, there was also Confiker and Lineage malware too.

We spoke to Vodafone and, while they stressed they were still looking into how this happened, in cooperation with both Google and HTC, right now it looks like an isolated incident. Here's the official statement:

Vodafone takes the security and privacy of its customers extremely seriously and launched an immediate investigation into this incident

Following extensive Quality Assurance testing on HTC Magic handsets in several of our operating companies, early indications are that this was an isolated local incident

Vodafone keeps its security processes under constant review as new threats arise, and we will take all appropriate actions to safeguard our customers' privacy.

While this is far from the kind of apocalyptic malware you can imagine smartphones have the potential to host, it does serve as a timely reminder that it surely won't be long before we all need security software installed on our phones, just as we already do on PCs.

 



HEXUS Forums :: 4 Comments

Login with Forum Account

Don't have an account? Register today!
So, seeing as she has a music folder on her phones mSD card, who wants to put money on her illegally downloading music via the likes of limewire, picking up a virus and then it dropping itself on the card to go infect elsewhere..
HTC and Google in:
phone that presents itself as mass storage device is as vunerable to been a plague carrier as any other usb mass storage device shocker.
TheAnimus
HTC and Google in:
phone that presents itself as mass storage device is as vunerable to been a plague carrier as any other usb mass storage device shocker.

I was expecting something based on malware from a downloaded app causing it and then infecting media files for use on pcs or something like that.

I can only hope :)
This is probably b*llocks. It's autorun malware - whenever she plugged a removable drive into her PC, which would have already been infected, it will have created the NADFOLDER & copied the Autorun-related files to her PC. File dates and times cannot be used reliably, as malware often changes them to many months or years prior to the infection date.

This is not unusual - I've seen a whole office have the same “NADFOLDER” fake recycle bin and Autorun malware. If the one in this story is from the same family, it also copies itself to the same folders in the root of mapped network shares. It also - by the nature of them being removable - infects any cards on USB digital cameras, camcorders with card slots, USB->CF adapters, the internal memory & SD cards on GPS devices etc. It's all quite reliable and not at all anything unusual nowadays.