
back to article Vodafone ships Mariposa-infected HTC Magic

Vodafone has been blamed for shipping Mariposa botnet malware and other nasties on an HTC Magic Android smartphone it supplied. The mobile phone giant's Spanish arm supplied an HTC Magic smartphone preloaded with malware that attempted to establish a backdoor for stealing information on connected PCs during the synchronisation …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

Umm...

...I am a bit confused (if not downright stupid). Conficker is a Windows virus. I assume the Mariposa bot is also a Windows bot. How can these infect Android which is a flavour of Linux?

Actually, never mind that; they could get included during application deployment to the phone when being manufactured. How the heck can this malware even run? Won't they depend on Windows hooks?

0
0
Gold badge

No mystery

"...attempted to establish a backdoor.........on connected PCs during the synchronisation process."

So the payload's on the device and they've somehow managed to hook into the sync process to install it where it can run. I'll bet an Android device can look like a connected drive to a Win PC for ease of copying back and forth and they've gone with the age-old autorun trick.

Were that to be so (the "appear as a drive" bit) the Conficker infection is easy to explain as that's how it spreads, it's never relied on the thing that presents the drive being able to run the code. I wouldn't mind a side-bet on the Mariposa infection being down to somebody retrofitting this replication mechanism to same.

0
0
Anonymous Coward

it doesn't run on the phone

It gets onto the host computer, usually during sync... and probably depends on some user curiosity to KLICKEN SIE HIER, and runs like normal malware. The Android box no more needs to run it than does an infected digital picture frame.

0
0
Silver badge

Re : Umm..

Looks like the phone is just the vector for loading a Windows PC with the malware. There's an autorun.inf involved (see link in article)

1
0

How can it even run?

By Windows mounting removable storage and automatically executing autorun.inf scripts by default. The same way as any USB-key distributed virus.

The phone wasn't the target: The synchronising Windows PC was.

0
0
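The autorun.inf mechanism the commenters describe, as an added example that is not part of the original thread: a Python check that reads the root of a mounted card for autorun.inf and lists the commands it would launch, before the card goes near a Windows PC. The sample card contents and file names are constructed.

```python
import tempfile
from pathlib import Path

def parse_autorun(data: bytes) -> list:
    """Return (key, value) pairs in the [autorun] section that launch a program."""
    findings, section = [], ""
    # latin-1 never fails to decode, so junk bytes padded into the file are tolerated.
    for raw in data.decode("latin-1").splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            # open=, shellexecute= and shell\<verb>\command= all name something to run.
            if key in ("open", "shellexecute") or (
                    key.startswith("shell\\") and key.endswith("\\command")):
                findings.append((key, value))
    return findings

def scan_volume(root: Path) -> list:
    """Find autorun.inf (any case) in the volume root and report what it launches."""
    report = []
    for entry in root.iterdir():
        if entry.is_file() and entry.name.lower() == "autorun.inf":
            for key, value in parse_autorun(entry.read_bytes()):
                target = value.split()[0].strip('"') if value else ""
                present = bool(target) and (root / target.replace("\\", "/")).is_file()
                report.append({"key": key, "command": value,
                               "target_on_volume": present})
    return report

def demo() -> list:
    # Constructed stand-in for a mounted SD card; every name here is made up.
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "payload").mkdir()
        (root / "payload" / "sync_helper.exe").write_bytes(b"MZ")
        (root / "AUTORUN.INF").write_bytes(
            b"; junk \xff\xfe\r\n[AutoRun]\r\nicon=drive.ico\r\n"
            b"Open=payload\\sync_helper.exe /quiet\r\n"
            b"shell\\explore\\command=payload\\sync_helper.exe\r\n")
        return scan_volume(root)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Any finding with `target_on_volume` set to true means the card carries both the launcher entry and the file it points at, which is the case worth quarantining and scanning.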
Silver badge
Thumb Down

Androids don't synch with PCs....

Android phones don't synchronise with "connected PCs". You can mount the SD card and copy files, but nothing happens automagically unless you are stupid enough to have auto-run enabled on your PC.

(Android phones synch calendars, contacts, etc, with your Google account and, obviously, do that without being connected to a PC and is why there is no Android equivalent to ActiveSync, iTunes, etc.)

1
0
Linux

Just for a moment

I thought we had a real live linux (or at least linux-like) virus!

But it's only for the windose PC connection......

phew!

0
0
Thumb Down

It didn't happen

Mention it on their forums and it gets pulled in under two minutes. FAF

1
0
Grenade

Oh, my aching belly button!

Comments questioning the circumstances and validity of this sensational botnet "find" are pulled in under two minutes on Panda Forums?

I wonder why?

0
0
Jobs Halo

iPhone

Should have bought an iPhone. Apple's legendary tight-fisted control over what can be installed on their phones - along with the device's inherent security (you know, the security that prevents innocent users from doing what they want to with it) would have prevented this.

Feel free to downvote me - doesn't make me wrong. :-)

2
6

This post has been deleted by a moderator

Anonymous Coward

RegisterFail Fail

There are no exploits for non-jailbroken iPhones in the wild. Not one.

Apple's 'locked-down' ecosystem makes sense (and a lot of money for Apple shareholders).

1
2

This post has been deleted by a moderator

Anonymous Coward

RegisterFail Fail

"it's closed nature has absolutely no security benefits whatsoever"

Other than installing apps from a trusted and vetted source, of course. It's a great business model.

0
0

Vodafone ships Mariposa-infected HTC Magic

It doesn't make you right either dude. :)

The issue here is nothing to do with Android or the HTC phone. The infection came from the SDCard, which may or may not have been supplied by Vodafone, but probably didn't come from HTC.

For all we know the sdcard may have come from the researcher herself or the friend who bought the phone.

Apple's control (tight fisted or otherwise) doesn't stop the iPhone (or any iPod) being vulnerable to exactly the same problem if you enable it as a USB data drive and connect it to an infected PC.

There is nothing on the iPhone to detect or prevent the same thing happening.

0
0
WTF?

I has a confused

After a little clicking it appears that it is a Windoze malware.

I have no idea what this synch process is that is mentioned in the article, but I have never installed the official driver pack to see what it can do. All of my synch goes OTA to Google (soul: sold, yes).

What the author may be referring to is when the phone was hooked up over USB to use the SD card as mounted storage. Then it becomes the same as any USB flash device and has the same threats to Windoze.

0
0
Bronze badge
Stop

Infected like a USB Stick

Just another Autorun file on a USB Mass Storage mount, absolutely no device OS interaction whatsoever.

Only a loon would claim a USB Stick is "riddled with bots"

It's also only one phone, so personally I would have gone with the "Vodafone sells ex-demo phone as new, comes with malware" angle, but I'm just crazy like that.

0
0
Silver badge
Stop

well I would

If I just bought it from a Vodafone shop (maybe to give to my mum or some other not so technical person) I'd be pretty pissed.

0
0

Virus Scanners on Phones...

It's only a matter of time until we need virus scanners on our phones. Then, they too will run like dogs, and the battery life will be measured in minutes.... :-(

1
0
Silver badge
Thumb Down

Get your facts straight

It wasn't the phone that had the malware on it, it was the micro SD card that was supplied with it.

I would guess that this was a re-issued phone and it was the previous owner who, deliberately or otherwise, infected the SD card.

I assume Vodafone did a factory reset on the phone before re-issuing it, but forgot about the card (which isn't affected by a factory reset).

1
0

Greece again?

In legal terms, is there a distinction between a botnet and an intercept, if both potentially are gathering the same data? And were I a super villain or a govt agency it could be easier to buy a share in a botnet than to set up an intercept. Spooky that it's Vodafone who have this issue - and no wonder they want people to forget it happened as the last time cost them dearly (indeed they were fined eur76m).

http://www.theregister.co.uk/2006/02/06/greece_mobile_snooping_scandal/

1
0
Coat

Open mouth. Carefully insert foot...

"Vodafone acknowledged the problem but said that the incident was an isolated problem, which came to light because the customer working for Spanish anti-virus firm Panda Security."

That appears to suggest that in Vodafone's mind, it's only a problem if the malware is detected by someone who knows enough to understand what's happening...

2
0

That was my understanding as well

Yeah, it was an isolated case... that they got caught. Usually... they don't get caught.

1
0

My question is:

How can this possibly be an isolated incident?

Unless the supplier knew who it was going to and decided to cause them hassle then it would mean that every phone (presumably from the same batch when installed at the factory) must have the same software on it - and it's only that it's been discovered that it's come to light.

ttfn

0
0

isolated

I think what they meant was someone detecting that they were sending out malware infected hardware was an isolated incident. That usually doesn't happen. Nothing isolated about them sending out malware infected hardware though. :P

0
0

re: My question is

@Paul Murphy:

While it may be a bit of a reach to claim this as isolated at this stage (other than no one else has reported a problem) I think VF have some justification in claiming this is not a widespread problem.

These particular malware instances are not difficult to detect with any up to date antivirus product (not just the researcher's own product featured so prominently in the article) so the likelihood is that if there were a widespread problem it would have surfaced pretty quickly because a fairly large number of VF Magic users must have connected their new phones to Windows PCs running antivirus software, to copy their music or whatever to the phone.

My VF Magic arrived in a VF box without the SD card installed, which was a brand new SanDisk 8GB card still in its original wrapper. I doubt it had ever been in a phone.

I would have liked the journalist to put some effort into determining the actual provenance of the SD Card, whether supplied by Vodafone, a retailer, the actual owner of the phone, or the researcher in question.

0
0
FAIL

Wow, talk about bad luck

So the ONE SD-Card that was infected was sold to an anti-virus worker? That's pretty bad luck for Vodafone.

And yeah, it's the SD-Card that's infected, not Android. Sort it out.

2
0
WTF?

XXXX takes XXXX extremely seriously

If I hear another company say that again, I will go postal.

Obviously, you didn't take it seriously, you didn't even consider it at all, and didn't put safeguards in place, otherwise it wouldn't have fucking happened in the first place.

2
0
FAIL

Same problem, same message

Almost word for word, all the time

/nameofcompany/ takes the security and privacy of its customers extremely seriously and launched an immediate investigation into this incident

Following extensive Quality Assurance testing, early indications are that this was an isolated local incident

/nameofcompany/ keeps its security processes under constant review as new threats arise, and we will take all appropriate actions to safeguard our customers’ privacy.

0
0
Alien

Do I smell snake oil ?

Do I smell snake oil ?

0
0