In last week around 3400 vodafone memory card were literally infected due to Malwares. A malware has ended up and stopped a number of HTC magic phones, vodafone reported. The problem came into consideration in the mid of this month after an employee of Panda Security plugged a brand new phone into a Windows computer, [...]
In last week around 3400 vodafone memory card were literally infected due to Malwares. A malware has ended up and stopped a number of HTC magic phones, vodafone reported.
The problem came into consideration in the mid of this month after an employee of Panda Security plugged a brand new phone into a Windows computer, where it triggered an alert from the antivirus software.
Further research and detection of the phone found the device’s 8GB microSD memory card was infected with a client for the now-defunct Mariposa botnet, the Conficker worm and a password stealer for the Lineage game.
Vodafone answered that it was just an incident, but as information spreaded later an employee at Spanish security company S21sec discovered another cell phone with an Malwared memory chip with similar case, which it sent to Panda. That phone was purchased directly from Vodafone’s Web site in the same week as the first phone, according to Panda.
The reason or the problem behind the incident is still unknown and investigation is still being carried, reported Vodafone’s Spokesman,spain. However, it is surprising that the HTC phones/android OS are completely fine but how are the brand new cards getting such type of Malware in it. All the cases reported were from Spain only.
In the case of first phone, the Mariposa botnet code automatically got executed and attempted to infect a computer. Mariposa was at one time one of the largest botnets, but security researchers were able to shut it down in December after disabling its command-and-control servers.
Conficker is a worm that still infects millions of machines worldwide, but its autorun capability may have been disabled by Mariposa, Panda said. The password-stealing program would not run unless someone double clicked the file.
Updated 24th March 2010:
“This Mariposa botnet client is also loaded in the same hidden NADFOLDER directory. It is also named as AUTORUN.EXE and will automatically run when connected into a Windows machine unless you have autorun disabled ([download id="1"] to disable autorun if you haven’t done so yet),” the PandaLabs blog item says.
“The Mariposa botnet client itself is exactly the same as reported last week, with the same nickname and same Command & Control servers,” the post says. “There was also more malware in the SD card in addition to Mariposa. I also found a Win32/AutoRun worm” in the card.
A Vodafone spokesperson provided a statement via e-mail: This screenshot shows that the malware found on the second HTC Magic from Vodafone is named AUTORUN.EXE and stored in a hidden folder directory named "NADFOLDER" as the malware found earlier.
“Vodafone takes security of its customers very seriously and there is an ongoing investigation into the issue. After an extensive Quality Assurance testing on HTC Magic handsets in several of our operating companies, indications are that this is a local incident in Spain. Vodafone keeps all of its security processes under constant review as new threats arise and we will take all appropriate actions to safeguard our customers’ privacy.”
