Vodafone-Distributed Handset Found Pre-installed With Mariposa Bot
Security researchers have found the Mariposa bot client pre-installed on a mobile phone handset distributed in Europe, and say that the malware looks to have been installed on the phone's memory card.
The phone, the HTC Magic, runs the Google Android mobile operating system, and is a low-priced handset distributed by Vodafone. A researcher at Panda Security received one of the handsets recently, and upon attaching it to her PC, found that the phone was pre-loaded with the Mariposa bot client. Mariposa has been in the news of late thanks to some arrests connected to the operation of the botnet.
However, that was not the only malware the Panda researcher found on the phone.
"Interestingly enough, the Mariposa bot is not the only malware I found on the Vodafone HTC Magic phone. There’s also a Conficker and a Lineage password stealing malware. I wonder who’s doing QA at Vodafone and HTC these days," Pedro Bustamante of Panda wrote in a blog post on the incident. The phone was purchased new in Spain.
In the comments of the post, Bustamante says that the malware was found on the memory card and not the phone's file system. The bot was found on one phone, although Bustamante said that the company is buying some more of the Magic handsets to see if the malware shows up on others.
In a statement, HTC said they believe the problem was contained.
"HTC operates rigorous quality assurance testing of all products entering the market. We believe this was an isolated incident but are working closely with Vodafone to investigate thoroughly," the company said.
John Leyden at The Register reports that Vodafone has investigated the incident and found it to be a local, isolated problem. "Following extensive Quality Assurance testing on HTC Magic handsets in several of our operating companies, early indications are that this was an isolated local incident," Vodafone told Leyden in a statement.
After the researcher plugged the HTC phone into the PC, the Mariposa client began trying to infect other PCs in the local network and also started trying to contact a remote server. The Panda researcher found that the client was not being run by the same group of alleged Spanish hackers who were arrested last week, but by someone named "tnls."
Pre-installing malware on hardware devices such as phones, digital photo frames, USB keys and others has become a favored attack vector for criminals. It simply takes one weak link in the supply chain, which can include dozens of countries around the globe, to plant the malware on thousands or millions of devices.
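A check of the kind this incident calls for, as an added example rather than code from Panda or from this article: it walks a mounted memory card and reports Windows executables (identified by their PE header, not their file extension) and autorun launchers, with SHA-256 hashes for lookup. The function names and the autorun.inf heuristic are assumptions; the article does not say how the malware was started.

```python
import hashlib
import os
import struct
import sys

# Assumption: autorun.inf is a common removable-media launcher; not stated in the article.
LAUNCHER_NAMES = {"autorun.inf"}


def is_pe(path):  # True if a DOS 'MZ' header points at a 'PE\0\0' signature
    try:
        with open(path, "rb") as fh:
            head = fh.read(64)
            if len(head) < 64 or head[:2] != b"MZ":
                return False
            (pe_offset,) = struct.unpack_from("<I", head, 0x3C)
            fh.seek(pe_offset)
            return fh.read(4) == b"PE\x00\x00"
    except OSError:
        return False


def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_volume(root):
    """List files on a mounted card that a factory-fresh card should not carry."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() in LAUNCHER_NAMES:
                reason = "autorun launcher"
            elif is_pe(path):  # content check, so a renamed .exe is still caught
                reason = "Windows executable"
            else:
                continue
            findings.append((os.path.relpath(path, root), reason, sha256_of(path)))
    return sorted(findings)


if __name__ == "__main__" and len(sys.argv) > 1:
    for rel, reason, digest in audit_volume(sys.argv[1]):
        print(f"{reason:20} {digest}  {rel}")
```

Run it against the card mounted read-only on a host that does not execute Windows binaries, passing the mount point as the only argument.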
The main Mariposa botnet was shut down recently, and security researchers have taken control of the botnet's command-and-control channels. The takedown was a large cooperative effort among various security companies, including Panda and Defence Intelligence, and law enforcement agencies, a paradigm that is becoming more common in recent months as experts continue to focus their attention on the massive botnet epidemic.
Researchers at Microsoft, working closely with law enforcement officials, recently shut down the Waledac botnet, a smaller operation that had been peppering users of Microsoft's Hotmail service with billions of spam messages for some time.
*This story has been updated to clarify that the malware was found on the memory card, not the file system, and to add Vodafone's statement to The Register. The headline also was updated to reflect the new information.
Comments
Sounds like bollocks to me. 1 phone out of the 1000s sold? Prob a refurb or some spotty oik in the shop using it before selling it, otherwise this would definitely have been spotted earlier.
The title of this is VERY misleading as you suggest that HTC are to blame when they are not. When you plug an Android phone into a computer you see the inserted memory card and not the phone itself. This is down to the memory card and Vodafone's supplier or some rogue employee(s). I'd consider retracting/changing the title of this before HTC lawyers start calling.
This article is useless. Where are the instructions or links that show how to check if the phone you have has this bot installed already?
BS
Are you trying to sell your product or what?
None of this is installed on the phone, the phone does not run windows binaries.
If I were HTC and Google I would be suing the crap out of you about now.
If you read the entire post on Panda's site, including the comments, the phone was new in the package when it was delivered. Not opened. And it looks like the malware was on the memory card.
Yes, but that doesn't mean that you can just publish an article with a headline suggesting that HTC are responsible. The phone was not pre-installed with the malware. As far as I know the cards are supplied by the carriers anyway, not the manufacturers. Your headline is sensationalistic and simply not true. The content of the article says that the phones come preinstalled with the virus, a fallacy. And, according to the original article, IT HAS ONLY BEEN FOUND ON ONE PHONE. Do yourself a favour and amend this article.
You're correct. The headline was not accurate, and it's been changed. I also updated the story to make it clear that the bot was on the card, not the filesystem. Those were my mistakes. Thanks for pointing them out.
Much appreciated. Sorry for being so forthright.