Vodafone ships Mariposa-infected HTC Magic
Vodafone has been blamed for shipping Mariposa botnet malware and other nasties on an HTC Magic Android smartphone it supplied. The mobile phone giant's Spanish arm supplied an HTC Magic smartphone preloaded with malware that attempted to establish a backdoor for stealing information on connected PCs during the synchronisation …
Umm...
...I am a bit confused (if not down-right stupid). Conficker is a Windows virus. I assume the Mariposa bot is also a Windows bot. How can these infect Android which is a flavour of Linux?
Actually, never mind that; they could get included during application deployment to the phone when being manufactured. How the heck can this malware even run? Won't they depend on Windows hooks?
No mystery
"...attempted to establish a backdoor.........on connected PCs during the synchronisation process."
So the payload's on the device and they've somehow managed to hook into the sync process to install it where it can run. I'll bet an Android device can look like a connected drive to a Win PC for ease of copying back and forth and they've gone with the age-old autorun trick.
Were that to be so (the "appear as a drive" bit) the Conficker infection is easy to explain as that's how it spreads, it's never relied on the thing that presents the drive being able to run the code. I wouldn't mind a side-bet on the Mariposa infection being down to somebody retrofitting this replication mechanism to same.
it doesn't run on the phone
It gets onto the host computer, usually during sync.. and probably depends on some user curiosity to KLICKEN SIE HIER, and runs like normal malware. The android box no more needs to run it than does an infected digital picture frame.
Re : Umm..
Looks like the phone is just the vector for loading a Windows PC with the malware. There's an autorun.inf involved (see link in article).
How can it even run?
By Windows mounting removable storage and automatically executing autorun.inf scripts by default. The same way as any USB-key distributed virus.
The phone wasn't the target: the synchronising Windows PC was.
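An added example, not part of any comment in this thread: a small audit of a mounted removable volume that reads `autorun.inf` without executing anything and lists the programs it asks Windows to launch. The function names and the sample file contents are assumptions constructed for illustration.

```python
import os
import tempfile

# Keys in the [autorun] section that name a program Windows may launch.
EXEC_KEYS = ("open", "shellexecute")

def parse_autorun(text):
    """Return {key: value} for the [autorun] section, tolerating junk lines."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def audit_volume(root):
    """List launch commands in root/autorun.inf and whether each target is on the volume."""
    path = next((os.path.join(root, n) for n in os.listdir(root)
                 if n.lower() == "autorun.inf"), None)
    if path is None:
        return []
    with open(path, "r", errors="replace") as fh:
        entries = parse_autorun(fh.read())
    findings = []
    for key, value in entries.items():
        if key in EXEC_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            # Simplification: first token is the program (quoted paths with spaces not handled).
            target = value.split()[0].strip('"').replace("\\", os.sep) if value else ""
            present = bool(target) and os.path.isfile(os.path.join(root, target))
            findings.append((key, value, present))
    return findings

def demo():
    # Constructed sample volume: a harmless placeholder file and an autorun.inf naming it.
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "setup_placeholder.exe"), "wb") as fh:
        fh.write(b"not a real program")
    with open(os.path.join(root, "AUTORUN.INF"), "w") as fh:
        fh.write("; constructed sample\n\x01junk line\n[AutoRun]\n"
                 "open=setup_placeholder.exe /quiet\n"
                 "shell\\open\\command=missing.exe\nicon=drive.ico\n")
    return audit_volume(root)

if __name__ == "__main__":
    for key, value, present in demo():
        print(f"{key}: {value!r} target on volume: {present}")
```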
Androids don't synch with PCs....
Android phones don't synchronise with "connected PCs". You can mount the SD card and copy files, but nothing happens automagically unless you are stupid enough to have auto-run enabled on your PC.
(Android phones synch calendars, contacts, etc., with your Google account and, obviously, do that without being connected to a PC, and is why there is no Android equivalent to ActiveSync, iTunes, etc.)
Just for a moment
I thought we had a real live linux (or at least linux-like) virus!
But it's only for the windose PC connection......
phew!
It didn't happen
Mention it on their forums and it gets pulled in under two minutes. FAF
Oh, my aching belly button!
Comments questioning the circumstances and validity of this sensational botnet "find" are pulled in under two minutes on Panda Forums?
I wonder why?
iPhone
Should have bought an iPhone. Apple's legendary tight-fisted control over what can be installed on their phones - along with the device's inherent security (you know, the security that prevents innocent users from doing what they want to with it) would have prevented this.
Feel free to downvote me - doesn't make me wrong. :-)
RegisterFail Fail
There are no exploits for non-jailbroken iPhones in the wild. Not one.
Apple's 'locked-down' ecosystem makes sense (and a lot of money for Apple shareholders).
RegisterFail Fail
"its closed nature has absolutely no security benefits whatsoever"
Other than installing apps from a trusted and vetted source, of course. It's a great business model.
Vodafone ships Mariposa-infected HTC Magic
It doesn't make you right either dude. :)
The issue here is nothing to do with Android or the HTC phone. The infection came from the SDCard, which may or may not have been supplied by Vodafone, but probably didn't come from HTC.
For all we know the sdcard may have come from the researcher herself or the friend who bought the phone.
Apple's control (tight fisted or otherwise) doesn't stop the iPhone (or any iPod) being vulnerable to exactly the same problem if you enable it as a USB data drive and connect it to an infected PC.
There is nothing on the iPhone to detect or prevent the same thing happening.
I has a confused
After a little clicking it appears that it is a Windoze malware.
I have no idea what this synch process is that is mentioned in the article, but I have never installed the official driver pack to see what it can do. All of my synch goes OTA to Google (soul: sold, yes).
What the author may be referring to is when the phone was hooked up over USB to use the SD card as mounted storage. Then it becomes the same as any USB flash device and has the same threats to Windoze.
Infected like a USB Stick
Just another Autorun file on a USB Mass Storage mount, absolutely no device OS interaction whatsoever.
Only a loon would claim a USB Stick is "riddled with bots"
It's also only one phone, so personally I would have gone with the "Vodafone sells ex-demo phone as new, comes with malware" angle, but I'm just crazy like that.
well I would
If I just bought it from a Vodafone shop (maybe to give to my mum or some other not so technical person) I'd be pretty pissed.
Virus Scanners on Phones...
It's only a matter of time until we need virus scanners on our phones. Then, they too will run like dogs, and the battery life will be measured in minutes.... :-(
Get your facts straight
It wasn't the phone that had the malware on it, it was the micro SD card that was supplied with it.
I would guess that this was a re-issued phone and it was the previous owner who, deliberately or otherwise, infected the SD card.
I assume Vodafone did a factory reset on the phone before re-issuing it, but forgot about the card (which isn't affected by a factory reset).
Greece again?
In legal terms, is there a distinction between a botnet and an intercept, if both potentially are gathering the same data? And were I a super villain or a govt agency it could be easier to buy a share in a botnet than to set up an intercept. Spooky that it's Vodafone who have this issue - and no wonder they want people to forget it happened as the last time cost them dearly (indeed they were fined eur76m).
http://www.theregister.co.uk/2006/02/06/greece_mobile_snooping_scandal/
Open mouth. Carefully insert foot...
"Vodafone acknowledged the problem but said that the incident was an isolated problem, which came to light because the customer working for Spanish anti-virus firm Panda Security."
That appears to suggest that in Vodafone's mind, it's only a problem if the malware is detected by someone who knows enough to understand what's happening...
That was my understanding as well
Yeah, it was an isolated case... that they got caught. Usually... they don't get caught.
My question is:
How can this possibly be an isolated incident?
Unless the supplier knew who it was going to and decided to cause them hassle then it would mean that every phone (presumably from the same batch when installed at the factory) must have the same software on it - and it's only that it's been discovered that it's come to light.
ttfn
isolated
I think what they meant was someone detecting that they were sending out malware infected hardware was an isolated incident. That usually doesn't happen. Nothing isolated about them sending out malware infected hardware though. :P
re: My question is
@Paul Murphy:
While it may be a bit of a reach to claim this as isolated at this stage (other than no one else has reported a problem) I think VF have some justification in claiming this is not a widespread problem.
These particular malware instances are not difficult to detect with any up to date antivirus product (not just the researcher's own product featured so prominently in the article) so the likelihood is that if there were a widespread problem it would have surfaced pretty quickly because a fairly large number of VF Magic users must have connected their new phones to Windows PCs running antivirus software, to copy their music or whatever to the phone.
My VF Magic arrived in a VF box without the SD card installed, which was a brand new SanDisk 8GB card still in its original wrapper. I doubt it had ever been in a phone.
I would have liked the journalist to put some effort into determining the actual provenance of the SD Card, whether supplied by Vodafone, a retailer, the actual owner of the phone, or the researcher in question.
Wow, talk about bad luck
So the ONE SD-Card that was infected was sold to an anti-virus worker? That's pretty bad luck for Vodafone.
And yeah, it's the SD-Card that's infected, not Android. Sort it out.
XXXX takes XXXX extremely seriously
If I hear another company say that again, I will go postal.
Obviously, you didn't take it seriously, you didn't even consider it at all, and didn't put safeguards in place, otherwise it wouldn't have fucking happened in the first place.
Same problem, same message
Almost word for word, all the time
/nameofcompany/ takes the security and privacy of its customers extremely seriously and launched an immediate investigation into this incident
Following extensive Quality Assurance testing, early indications are that this was an isolated local incident
/nameofcompany/ keeps its security processes under constant review as new threats arise, and we will take all appropriate actions to safeguard our customers’ privacy.
