Malware Infected Memory Cards of 3,000 Vodafone Mobiles
Malware-tainted memory cards may have ended up on as many as 3,000 HTC Magic phones, a greater number than first suspected, Vodafone said Friday.
Fri, March 19, 2010
IDG News Service — Malware-tainted memory cards may have ended up on as many as 3,000 HTC Magic phones, a greater number than first suspected, Vodafone (VOD) said Friday.
The problem came to light earlier this month after an employee of Panda Security plugged a newly ordered phone into a Windows computer, where it triggered an alert from the antivirus software.
Further inspection of the phone found the device's 8GB microSD memory card was infected with a client for the now-defunct Mariposa botnet, the Conficker worm and a password stealer for the Lineage game.
Vodafone said then it was an isolated incident, but an employee at Spanish security company S21sec discovered another phone with an infected card, which it sent to Panda. That phone was purchased directly from Vodafone's Web site in the same week as the first phone, according to Panda.
It is unclear how the batch of memory cards became infected although an investigation is under way, said a spokesman for Vodafone in Spain. There are no problems with either the HTC Magic phone or its Android OS. The malware only affected phones sold in Spain.
Vodafone will send a letter along with a new memory card to affected customers, the spokesman said. The letter will contain instructions for how customers can give their PCs free antivirus scans on Panda's Web site, which partners with Vodafone. He said Vodafone will give security software to people whose computers have become infected as a result of plugging in an infected HTC phone.
With the first phone, the Mariposa botnet code automatically ran and attempted to infect a computer. Mariposa was at one time one of the largest botnets, but security researchers were able to shut it down in December after disabling its command-and-control servers.
Conficker is a worm that still infects millions of machines worldwide, but its autorun capability may have been disabled by Mariposa, Panda said. The password-stealing program would not run unless someone double clicked the file.