Slashdot Mirror
HTC Android Phones Found With Malware Pre-Installed
Trailrunner7 writes "Security researchers have found that Vodafone, one of the world's larger wireless providers, is distributing some HTC phones with malware pre-installed on them. The phone, HTC's Magic, runs the Google Android mobile operating system, and is one of the more popular handsets right now. A researcher at Panda Software received one of the handsets recently, and upon attaching it to her PC, found that the phone was pre-loaded with the Mariposa bot client. Mariposa has been in the news of late thanks to some arrests connected to the operation of the botnet."
I'm personally getting fed up with companies that allow this to happen. If companies that distribute devices that come pre-loaded with malware were fined heavily for each instance, they'd likely hire a few good devs and QA people to ensure that this sort of thing doesn't happen again.
There's absolutely no excuse for this. If you contract out development or manufacturing and that leads to this kind of security risk, there's still no excuse. Unfortunately as of right now there are few if any consequences associated with this type of negligence -- which means that companies aren't going to do much to improve their security practices.
Facts have a liberal bias.
That’s a good distinction to make.
Of course I immediately assumed they didn’t really mean “installed”, since it’s a Windows virus and an Android OS...
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
Either way, that's pretty crazy. I wonder if it's a case of a rogue employee putting it there, or if it somehow got installed unntentionally by Vodafone. Or maybe the phone was used, returned, and re-sold without having the micro sd card formatted.
When people are trying to slander it. They're blaming everyone under the sun, when the most likely vector is a store employee who simply plugged the device into a computer and copied the file to the flash drive.
It's not really straight from the manufacturer is it?
I'm not sure about how Vodafone works, but most carriers around here love to brand their phones. The issue it self seems to be isolated to just the Vodafone models so could it be part of the branding they do with the phones?
That's just ridiculous. Did you even read the summary? This isn't about you installing a trojan on your phone, or about how open the platform is or isn't. It's about it COMING FROM THE CARRIER that way. This could have just as easily happened to an iPhone and had a mac or PC virus on it...
"Why should I be content to simply live in this world, when I, as a human being, can CREATE it?" - Oertel
I can't seem to get the original panda research page to open, so here's the google cache
http://74.125.113.132/search?q=cache:http://research.pandasecurity.com/vodafone-distributes-mariposa/
It's funny how TFA treats "a researcher" and "one phone" as "some HTC phones".
[Fuck Beta]
o0t!
Following the linked article, and following that to the original post, we find that first off, it's a single phone, not more than one that had this malware, and we are informed of the software that detected this, coincidentally the commercial product the researchers are working on:
I'm rushing out today to buy this software that can do such feats as detecting this malware. They have a Linux version, right?
Dont go the way of kdawson, soulskill.
Next we'll be reading stuff like "My best friend's sister's boyfriend's brother's girlfriend heard from this guy who knows this kid who's going with the girl who saw Ferris pass out at 31 Flavors last night. I guess it's pretty serious. He might have Mariposa, or Confiker or something. Better get Ferris some AntiVirus software from PandaAV"
meep