Mar 9th, 2010

Conspiracy theorists start your engines! In what Vodafone is calling “an isolated incident”, the carrier sold a mobile phone pre-loaded with malware which – when connected to a computer – attempted to send personal information back to the malware creator:

The interesting thing is that when she plugged the phone to her PC via USB her Panda Cloud Antivirus went off, detecting both an autorun.inf and autorun.exe as malicious. A quick look into the phone quickly revealed it was infected and spreading the infection to any and all PCs that the phone would be plugged into.

A quick analysis of the malware reveals that it is in fact a Mariposa bot client. This one, unlike the one announced last week which was run by Spanish hacker group “DDP Team”, is run by some guy named “tnls” as the botnet-control mechanism shows…

And it gets worse. Mariposa wasn’t the only malware – the HTC Magic was packed with the Conficker and Lineage password-stealing viruses as well. The source of this story claims the phone was purchased brand new, directly from Vodafone, and that all of the malware was pre-installed out of the box.
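The infection vector in the story is the classic one: an autorun.inf on the handset’s USB mass-storage volume pointing Windows at an autorun.exe sitting beside it. The check below is an added example (not Panda’s or Vodafone’s analysis, and not the actual files from the handset) showing how a defender can triage an autorun.inf pulled off a removable volume: it parses the [autorun] section tolerantly, since real samples are often padded with junk bytes, and reports every entry that would launch a program from the volume. The sample files, function names and the extension list are constructed for the example. On Windows patched since early 2011 AutoRun is no longer honoured for USB drives, so the finding describes what an older or misconfigured host would have done on insertion, which is still useful when you are deciding whether a device was a carrier.

```python
"""Added example: triage an autorun.inf found on a removable volume.
All names, extension lists and sample files are constructed for this
example; nothing here is from the Panda or Vodafone write-ups."""
import re
from pathlib import Path

# File types Windows runs directly when named in an autorun launch entry.
EXECUTABLE_EXT = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif",
                  ".vbs", ".js", ".dll", ".hta"}

# [autorun] keys that cause code to run: 'open' and 'shellexecute' fire on
# insertion/double-click; 'shell\<verb>\command' rewires a context-menu
# verb, including the default "Open", so an explorer click runs the program.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$",
                        re.IGNORECASE)


def parse_autorun(raw: bytes) -> dict:
    """Return {key: value} for the [autorun] section with lower-cased keys.
    latin-1 decoding never fails, and lines without '=' are skipped, so a
    file padded with binary junk still yields its few real entries."""
    entries = {}
    in_section = False
    for line in raw.decode("latin-1").splitlines():
        line = line.strip()
        if not line or line.startswith(";"):      # blank or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def target_program(value: str) -> str:
    """First token of a command line (quotes stripped, lower-cased)."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return (value[1:end] if end > 0 else value[1:]).lower()
    return value.split()[0].lower() if value else ""


def autorun_findings(raw: bytes) -> list:
    """One finding per entry that would run a program from the volume.
    An empty list means the file only sets labels/icons and launches nothing."""
    findings = []
    for key, value in parse_autorun(raw).items():
        if not LAUNCH_KEY.match(key):
            continue
        prog = target_program(value)
        ext = prog[prog.rfind("."):] if "." in prog else ""
        kind = "executable" if ext in EXECUTABLE_EXT else "non-standard target"
        findings.append(f"{key}={value!r} launches {kind} {prog}")
    return findings


def scan_volume(root: str) -> list:
    """Look for autorun.inf (any case) in the root of a mounted volume and
    triage it; returns [] when the file is absent or launches nothing."""
    for p in Path(root).iterdir():
        if p.name.lower() == "autorun.inf" and p.is_file():
            return autorun_findings(p.read_bytes())
    return []


# Constructed sample modelled on the autorun.inf + autorun.exe pairing in the
# story; the 'action' text mimics Windows' own AutoPlay wording so the prompt
# looks harmless. Not the real file from the handset.
SAMPLE_INFECTED = b"""[autorun]
open=autorun.exe
icon=autorun.exe,0
action=Open folder to view files
shell\\open\\command=autorun.exe
"""

# Constructed benign sample: only cosmetic keys, nothing is launched.
SAMPLE_BENIGN = b"""[autorun]
label=Vacation Photos
icon=photos.ico
"""

if __name__ == "__main__":
    for name, sample in (("infected", SAMPLE_INFECTED), ("benign", SAMPLE_BENIGN)):
        print(name, autorun_findings(sample) or "no launch entries")
```

Running the module on its own prints the two findings for the constructed infected sample and “no launch entries” for the benign one; `scan_volume("/media/phone")` (or a drive letter on Windows) applies the same check to a real mounted volume without executing anything on it.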

This begs the question – how is this happening? Is someone on the HTC production line plopping this in along the way? Or is a Vodafone employee opening Androids off the shelf and loading them locally before they’re sent out? Hopefully the carrier gets to the bottom of this, although it isn’t the first time something like this has happened and won’t be the last.

One question you’ll want to ask yourself is about the source of the news. Not only was the “malware” on the phone (when connected to a computer) detected by Panda Cloud Antivirus, but the consumer to whom this happened was – you guessed it – a Panda Security employee. Not only that, but the story first appeared on the Panda Security Research Blog. I’m thinking this could mean one of two things:

  1. Panda Security wanted to find a creative way to push more sales of their software and inventing a “phone virus” story was their vehicle
  2. The Panda employee happened to catch it because, hey – they’re in the industry – and many more consumers less privy to malware are currently connecting their phones and having personal information stolen without knowing.

You’ve got to give Panda the benefit of the doubt in this case and they seem like a successful and respectable company. Not to mention the fact that Vodafone came out with a statement which, in many ways, seems like an admission of guilt:

Vodafone takes the security and privacy of its customers extremely seriously and launched an immediate investigation into this incident.

Following extensive Quality Assurance testing on HTC Magic handsets in several of our operating companies, early indications are that this was an isolated local incident.

Vodafone keeps its security processes under constant review as new threats arise, and we will take all appropriate actions to safeguard our customers’ privacy.

For those that quickly attempt to jump on Android, claiming this is the reason “open” is bad – don’t judge too quickly. This could just as easily happen when you’re buying a laptop, desktop, or phone with a different OS. The scary part is that this type of thing is really happening.

Any similar stories readers care to share?
