Vodafone ships Mariposa-infected HTC Magic
Android phone comes riddled with bots
Regcast training : Hyper-V 3.0, VM high availability and disaster recovery
Updated Vodafone has been blamed for shipping Mariposa botnet malware and other nasties on a HTC Magic Android smartphones it supplied.
The mobile phone giant's Spanish arm supplied an HTC Magic smartphone preloaded with malware that attempted to establish a backdoor for stealing information on connected PCs during the synchronisation process. Vodafone acknowledged the problem but said that the incident was an isolated and local problem, which came to light because the customer affected works for Spanish anti-virus firm Panda Security.
The extra code was a strain of the Mariposa bot client that attempted to connect to systems not associated with the recent arrests of three suspected botmasters in Spain, according to an analysis of the attack by Panda Security researcher Pedro Bustamante.
"A quick analysis of the malware reveals that it is in fact a Mariposa bot client," Bustamante explained. "This one, unlike the one announced last week which was run by Spanish hacker group 'DDP Team', is run by some guy named 'tnls' as the botnet-control mechanism shows.
"Once infected you can see the malware 'phoning home' to receive further instructions, probably to steal all of the user’s credentials and send them to the malware writer," he added.
The same mobile phone was also infected by Confiker and a Lineage password-stealing code, according to Panda. The incident came to light because the infected phone was sold to one of Bustamante's colleagues in Spain.
In a statement, Vodafone said the problem, which it is investigating, was isolated.
Vodafone takes the security and privacy of its customers extremely seriously and launched an immediate investigation into this incidentFollowing extensive Quality Assurance testing on HTC Magic handsets in several of our operating companies, early indications are that this was an isolated local incident
Vodafone keeps its security processes under constant review as new threats arise, and we will take all appropriate actions to safeguard our customers’ privacy.
Incidents where computing devices come preloaded with malware are far from unprecedented. Normally problems arise when computers used in manufacturing production lines are themselves infected. ®
Update
Although Panda's screenshot features Vodafone Germany the incident in question happened in Spain.
Regcast training : Hyper-V 3.0, VM high availability and disaster recovery
COMMENTS
XXXX takes XXXX extremely seriously
If I here another company say that again, I will go postal.
Obviously, you didn't take it seriously, you didn't even consider it all, and didn't put safeguards in place, otherwise it wouldn't of fucking happened in the first place.
Wow, talk about bad luck
So the ONE SD-Card that was infected was sold to an anti-virus worker? That's pretty bad luck for Vodafone.
And yeah, it's the SD-Card that's infected, not Android. Sort it out.
Open mouth. Carefully insert foot...
"Vodafone acknowledged the problem but said that the incident was an isolated problem, which came to light because the customer working for Spanish anti-virus firm Panda Security."
That appears to suggest that in Vodaphone's mind, it's only a problem if the malware is detected by someone who knows enough to understand what's happening...
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Steps to Take Before Choosing a Business Continuity Partner
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
Data control in the cloud
