Vodafone has finally decided to come clean. In a stark departure from their original claim, Vodafone has now admitted that as many as 3000 brand new HTC Magic handsets (sold in Spain) might be infected with Mariposa bot client.
The incident first came to light when Panda Security spotted Mariposa bot clients in the memory card of a HTC Magic set sold by Vodafone. Initially, the telecom giant tried to dismiss the event as an isolated incident. However, that theory was blown to shreds when Panda Security identified malware infections in another brand new HTC Magic handset purchased from Vodafone’s online website.
Vodafone has promised to get in touch with affected customers and will be providing them a new memory card. It will be providing instructions for how customers can access the free Panda online scan. Additionally, if will offer security suites to anyone whose system has been infected due to the memory device.
Mistakes can happen, but as far as mistakes go, distributing malware to thousands of users is amongst the more serious kind. It is nice to see Vodafone taking responsibility for their mistake and trying to redeem the situation. However, they still have some explaining left to do. What we really want to know is – How did this happen?
Image credit: Novarider.com
Vodafone, you screwed up. And, it was not an isolated incidence, as you would have us believe. Now admit it, and get your act together.
Earlier in the month, Panda Research had uncovered a Mariposa bot client in a brand new handset delivered by Vodafone. This unsettling revelation received widespread media coverage and prompted an employee of the Spanish IT security company S21Sec to scan his own phone. You have probably guessed the result by now. Yeah, much to his surprise, he found malwares on his own phone.
The HTC Magic handset in question is brand new and was ordered from the official Vodafone website. Analysis by the Panda Research team revealed that the handset was infected on March 1st, 2010, approximately a week before the handset was delivered by Vodafone.
A second occurrence is particularly unsettling because it indicates that the problem might be more widespread than initially reported. Vodafone has already pulled the HTC Magic, but they still have plenty of explaining to do.
Image credit: Novarider.com
Viruses and malware are not new to mobile devices, however, in a somewhat startling revelation, Panda Research blog discovered that Vodafone is distributing the Mariposa bot, Conficker and Lineage password stealing malware with HTC Magic phones.
The vulnerability was found in HTC Magic phone running the Android OS which was supplied by Vodafone Germany (based on the screenshots and German language used on the computer of the Panda AV employee). The alert was triggered by Panda Cloud AV, when the phone was plugged into the PC via USB.
Malicious code was found in the Autorun files, which automatically runs when a USB drive is connected to a PC. The malware in question was identified as Mariposa bot client, which is run by an unknown guy named "tnls". If users are infected with the virus it will automatically start contacting servers and sending data to them.
Also Read: Prevent Autorun.inf From Running on Inserting a USB Drive
In addition to the above bot, the researcher also found traces of Conficker virus along with a password stealing malware called Lineage. There were no reports about the phone being affected by the above, but PCs without appropriate protection would definitely be vulnerable to these viruses.
It is really startling to see that both Vodafone and HTC allowed these phones to be sold without extensive testing and checks. It is not known as too how many phones are affected, however, it is a safe bet to connect your phone to your PC (with AV running), and running a quick scan on the contents of the phone.
We have contacted Vodafone and HTC for a statement, will update this post when more information becomes available.
Image Credit: Novarider.com