Malware found on another HTC Magic smartphone
Computerworld is New Zealand's only specialised information systems fortnightly. Subscribe now for $97.50 (24 issues) and save more than 37% off the cover price!
Traces of the now defunct Mariposa botnet have been found on another HTC Magic from Vodafone in Spain, security company Panda wrote in a blog post on Wednesday.
The malware was found on the SD card that shipped with the Android-based smartphone.
On March 8, when the first case was reported, a Vodafone spokesman said "it appears to be an isolated incident", and Panda's senior research adviser Pedro Bustamante thought it was an issue with a specific refurbished phone.
However, a second occurrence is too much of a coincidence, and shows it could be a bigger problem with quality assurance or a specific batch of phones, according to Bustamante. Panda also found a copy of the Win32/AutoRun worm on the phone's memory card, he said.
An employee at Spanish security company S21sec found second infection and sent the card to Panda. The phone was purchased directly from Vodafone's website in the same week as the first phone, Bustamante wrote.
Vodafone's investigation into the first report is still ongoing, a Vodafone spokesman said. He also reiterated that Vodafone takes this extremely seriously, and will make any changes that are deemed necessary.
The original blog post caused quite a bit of stir, and reactions "ranged from applause for uncovering this to accusing us of making it up," according to Bustamante.
The incident also proved to be a boost for Israeli security company DroidSecurity. Its mobile device security software was downloaded by 10,500 new users within 24 hours of the first report, the company said on Wednesday.
In a sense, the phones in question are no different to usb memory sticks or external drives that have been connected at some point to an infected Windows box.
The issue is with Vodafone, who supplied the infected cards, rather than HTC/Android. (My experience has been that the carriers/retailers bundle the memory cards, often upgrading to a higher capacity card than the original vendor and including bonus content
Just as an aside I'm curious if any Winmo, iPhones or ipods enabled as mass storage have been reported as transporting similar infections. There is nothing to prevent it.
I'm also interested why it is only two security comoanies who picked this up, rather than users.
Both of these malware are easily detected by ordinary PC consumer AV products and you would think if it was widespread there would be more than just two reports from security professionals.
Posted by Anonymous at 8:21:45 AM on March 18, 2010
