Zero Day

Ryan Naraine and Dancho Danchev

Vodafone HTC Magic shipped with Conficker, Mariposa malware

By Dancho Danchev | March 9, 2010, 4:56am PST

Summary

Researchers from PandaSecurity have detected Conficker and Mariposa malware samples shipped on a recently purchased Vodafone HTC Magic smartphone.

Just when you thought you had taken care of all the possible malware infection vectors, flawed quality assurance procedures once again demonstrate the need for a transparent and systematic approach to ensuring that digital devices are shipped malware-free.

In a new blog post, researchers from PandaSecurity report Conficker, Mariposa and Lineage password-stealing malware samples shipped with a recently purchased Vodafone HTC Magic smartphone.

More details:

  • Today one of our colleagues received a brand new Vodafone HTC Magic with Google’s Android OS. The interesting thing is that when she plugged the phone to her PC via USB her Panda Cloud Antivirus went off, detecting both an autorun.inf and autorun.exe as malicious. A quick look into the phone quickly revealed it was infected and spreading the infection to any and all PCs that the phone would be plugged into. Interestingly enough, the Mariposa bot is not the only malware I found on the Vodafone HTC Magic phone. There’s also a Conficker and a Lineage password stealing malware.
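As an added example (not from the original post or from PandaSecurity), the following Python check reads the autorun.inf at the root of a mounted volume and lists the entries that would start a program, which is the mechanism the quoted report describes. The function names are hypothetical, and the file contents and temporary directory are constructed sample data.

```python
import os
import tempfile

LAUNCH_KEYS = ("open", "shellexecute")  # shell\<verb>\command is matched below

def parse_autorun(text):
    """Return {key: command} for [autorun] entries that start a program."""
    launches, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower().startswith("[autorun]")
            continue
        if not in_section or line.startswith(";") or "=" not in line:
            continue  # skip other sections, comments and junk lines
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            launches[key] = value
    return launches

def audit_volume(root):
    """Return (key, command, target_present) for a root-level autorun.inf."""
    names = {name.lower() for name in os.listdir(root)}
    inf = next((n for n in os.listdir(root) if n.lower() == "autorun.inf"), None)
    if inf is None:
        return []
    with open(os.path.join(root, inf), errors="replace") as fh:
        launches = parse_autorun(fh.read())
    findings = []
    for key, command in launches.items():
        words = command.split()
        target = words[0].strip('"').lstrip("\\").lower() if words else ""
        findings.append((key, command, target in names))
    return findings

def demo():
    """Build a constructed volume in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "AUTORUN.INF"), "w") as fh:
            fh.write("; constructed sample\n[AutoRun]\nOpen=autorun.exe\n"
                     "icon=folder.ico\nshell\\open\\command=autorun.exe /s\n")
        with open(os.path.join(root, "autorun.exe"), "w") as fh:
            fh.write("placeholder text, not a real executable")
        return audit_volume(root)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

`audit_volume` takes the mount point of the device's storage; a finding whose third field is `True` means the launch entry points at a file that is actually present in the volume root.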

This is not an isolated incident, but an emerging trend. Over the past several years, a multitude of different devices have been shipped with malware that made its way through flawed quality assurance procedures.

Here’s a brief retrospective of reported cases where digital devices were shipped with malicious software:

The Vodafone HTC Magic incident is the second for March 2010, following the recently reported malware-infected Energizer DUO USB battery charger.

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Talkback Most Recent of 138 Talkback(s)

  • RE: Vodafone HTC Magic shipped with Conficker, Mariposa malware
    With crap like this, it should be clear why Apple is so
    freaking anal about everything that goes on an iPhone.
    resistor1
    03/09/2010 05:49 AM
  • True...
    But watch for the tsunami of comments that declare that Windows isn't at fault, Microsoft is not to blame, and that it's all Apple or Linux's fault.
    zkiwi
    03/09/2010 06:18 AM
  • Uhhh?
    Why would Microsoft be to blame? I suggest you re-
    read the article. The phone was running android,
    not a microsoft os.

    Don't feed the trolls please.
    TheLightcosine
    03/09/2010 07:09 AM
  • Erm?
    You want trolls, I refer you to LoveRock's posts below, behaving as I predicted. *shrug* Who knew,..
    zkiwi
    03/09/2010 09:11 AM
  • Those windows trolls seem to be great believers in the powers of Wine
    First they claim that Wine is no good at running windows software (which it isn't) and now they try to incriminate Linux for windows vulnerabilities.

    AFAIK you need wine to run that software in Linux but Android does not have it. I wonder if they know that.

    They are so funny.
    Great Kahuna
    (Edited: 03/09/2010 09:52 AM)
  • Even if Android had WINE..
    ..so what?

    The EXE was placed there by the manufacturer. They could just as easily have replaced the kernel of the OS itself. This has nothing to do with the security of an operating system, unless you plug it into a Windows computer, which might autorun it and become infected.
    AzuMao
    03/09/2010 01:04 PM
  • Because EXE files do not run on Android.
    It comes on the phone, shipped by the manufacturer, sitting there, waiting for you to plug it into a Windows computer, which then autoruns the nasty .EXE and gets infected.
    AzuMao
    03/09/2010 01:02 PM
  • Not another Troll
    Must be an autotroll adding such pathetic comments to a serious topic.

    Anyway, I'd expect a comment from HTC OR perhaps a lawyer's letter on its way unless there's something more to back this allegation up. This could be interesting either way. Heh Hee.
    GetReal-mac.com
    03/09/2010 07:14 AM
  • I'm bored...
    And most of the usual suspects wouldn't even notice it was Android, they'd just be out with excuses, most probably for Microsoft.

    And if they did they'd hark back to the issue where iPods ended up shipped with some malware on them. That's where Apple would be blamed. It apparently was their fault then, so why not now, even on an android. Either that, or there are evil penguinistas about.

    Now, about the only thing that is interesting is that Windows malware has once more ended up on a non-windows product.
    zkiwi
    03/09/2010 09:06 AM
  • Ended up only as a technicality.
    It won't actually run unless you put it in a Windows computer.
    AzuMao
    03/09/2010 01:06 PM
  • Maybe it's Google's fault, intentionally
    it is shipped with an Android phone after all

    Imagine the press: "Conficker and Mariposa mysteriously at large, once again..."

    Then Google releasing their Chrome OS, right after the headlines....

    It was just a thought.
    John Zern
    (Edited: 03/09/2010 08:37 AM)
  • Ah, a conspiracy theory...
    You've made me interested. Maybe this is Google's response to Microsoft digging at them in the EC. Can the story get "more better funner."
    zkiwi
    03/09/2010 09:08 AM
  • We'll work on it.
    You know how conspiracy theories go: got to throw some time and tinfoil-hatted people at it before it really takes on a life of its own. :)
    John Zern
    03/09/2010 12:19 PM
  • Oddly enough...
    I dunno if it's true, but I think there's a Chinese company that has got WinMo running on this HTC Magic thing, so... :P
    zkiwi
    03/09/2010 02:57 PM
  • Yes tinfoil
    Actual does not protect from mind control or trolls wahaha. Let alone mind controlled trolls.
    Altotus
    03/10/2010 05:57 PM
