Slashdot Mirror


HTC Android Phones Found With Malware Pre-Installed

Trailrunner7 writes "Security researchers have found that Vodafone, one of the world's larger wireless providers, is distributing some HTC phones with malware pre-installed on them. The phone, HTC's Magic, runs the Google Android mobile operating system, and is one of the more popular handsets right now. A researcher at Panda Software received one of the handsets recently, and upon attaching it to her PC, found that the phone was pre-loaded with the Mariposa bot client. Mariposa has been in the news of late thanks to some arrests connected to the operation of the botnet."

32 of 158 comments

  1. It's not a bug by elrous0 · · Score: 4, Funny

    It's an undocumented feature!

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
    1. Re:It's not a bug by Monkeedude1212 · · Score: 4, Funny

      You think THAT'S bad - I got my HTC phone with Windows Mobile 6.1 Pre Installed!

  2. Pre-installed by 0racle · · Score: 3, Funny

    No user intervention, IT JUST WORKS

    --
    "I use a Mac because I'm just better than you are."
  3. Technically, not installed... by TheRaven64 · · Score: 5, Informative

    The software in question was an autorun file, so it wasn't installed on the phone, it was just present on the phone's flash drive waiting to try to infect any OS stupid enough to automatically run programs from untrusted devices. It's not like the phone was running a botnet client and using up your data allowance sending spam, it was just a carrier.

    --
    I am TheRaven on Soylent News
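
Added example, not part of the original thread or any poster's code: a Python sketch that reads the autorun.inf on a mounted volume, the carrier mechanism described in the comment above, and reports which program it asks Windows to launch, without executing anything. The function names, the demo file contents and the volume layout are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Keys in the [autorun] section that name a program for Windows to launch.
EXEC_KEYS = ("open", "shellexecute")

def autorun_commands(inf_text):
    """Return (key, command) pairs from [autorun] that would launch code."""
    found, in_section = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            # shell\<verb>\command entries add context-menu actions that run code
            is_shell = key.startswith("shell\\") and key.endswith("\\command")
            if value and (key in EXEC_KEYS or is_shell):
                found.append((key, value))
    return found

def scan_volume(root):
    """Inspect a volume root (root-level targets only); nothing is executed."""
    files = {p.name.lower(): p for p in Path(root).iterdir() if p.is_file()}
    inf = files.get("autorun.inf")
    if inf is None:
        return []
    report = []
    for key, command in autorun_commands(inf.read_text(errors="replace")):
        # Program path is the first token, or the quoted part if quoted.
        target = command.split('"')[1] if command.startswith('"') else command.split()[0]
        match = files.get(target.lower())
        digest = hashlib.sha256(match.read_bytes()).hexdigest() if match else None
        report.append({"key": key, "command": command, "sha256": digest})
    return report

def demo():
    # Constructed sample volume: harmless placeholder bytes, not real malware.
    with tempfile.TemporaryDirectory() as d:
        Path(d, "AUTORUN.INF").write_bytes(b"[AutoRun]\r\nopen=autorun.exe\r\nicon=phone.ico\r\n")
        Path(d, "autorun.exe").write_bytes(b"placeholder, not a real executable")
        return scan_volume(d)

if __name__ == "__main__":
    print(demo())
```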
    1. Re:Technically, not installed... by clone53421 · · Score: 5, Insightful

      That’s a good distinction to make.

      Of course I immediately assumed they didn’t really mean “installed”, since it’s a Windows virus and an Android OS...

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    2. Re:Technically, not installed... by 56 · · Score: 4, Insightful

      Either way, that's pretty crazy. I wonder if it's a case of a rogue employee putting it there, or if it somehow got installed unintentionally by Vodafone. Or maybe the phone was used, returned, and re-sold without having the micro sd card formatted.

    3. Re:Technically, not installed... by DarthVain · · Score: 2, Insightful

      "untrusted devices"

      It's not like this phone was bought on e-bay or some back alley. This is straight from the manufacturer.

      It baffles me that products get through QA and carry viruses, Trojans or other malware, I mean come on.

    4. Re:Technically, not installed... by sbeacom · · Score: 3, Insightful

      It's not really straight from the manufacturer is it?

      I'm not sure about how Vodafone works, but most carriers around here love to brand their phones. The issue itself seems to be isolated to just the Vodafone models so could it be part of the branding they do with the phones?

    5. Re:Technically, not installed... by AndrewNeo · · Score: 2, Informative

      And if it's an autorun file, that means only XP and earlier, and very stupid users are vulnerable. Vista and 7 don't execute Autorun.exe by default.

    6. Re:Technically, not installed... by clone53421 · · Score: 3, Informative

      Wrong, it was replaced with Autorun.inf, and Vista/7 do execute it if you choose to “Autoplay” the device. I believe the dialog will appear first to ask you what you want to do, but “Autoplay” is the top choice and is selected by default.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    7. Re:Technically, not installed... by Manax · · Score: 5, Insightful

      That's just ridiculous. Did you even read the summary? This isn't about you installing a trojan on your phone, or about how open the platform is or isn't. It's about it COMING FROM THE CARRIER that way. This could have just as easily happened to an iPhone and had a mac or PC virus on it...

      --
      "Why should I be content to simply live in this world, when I, as a human being, can CREATE it?" - Oertel
    8. Re:Technically, not installed... by nicolas.kassis · · Score: 4, Informative

      Ok... go look up the story about iPods loaded with trojans that got through QA. http://msmvps.com/blogs/spywaresucks/archive/2006/10/19/187622.aspx This has nothing to do with android/apple and everything to do with crappy manufacturing using infected Windows PCs that will infect any usb connected device.

    9. Re:Technically, not installed... by clone53421 · · Score: 2, Insightful

      From what you said, several things are glaringly obvious about your set-up.

      No antivirus.

      You probably didn’t disable autoruns.

      Most importantly, UNPATCHED NETWORKED WINDOWS MACHINES. Your firewall is NOT enough to protect them.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    10. Re:Technically, not installed... by clone53421 · · Score: 2, Informative

      No... it will autoplay if you give it permission to autoplay.

      You don’t tell it to. It asks, and the default option is to allow it. All you have to do is click Ok.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    11. Re:Technically, not installed... by TubeSteak · · Score: 4, Insightful

      I can't seem to get the original panda research page to open, so here's the google cache
      http://74.125.113.132/search?q=cache:http://research.pandasecurity.com/vodafone-distributes-mariposa/

      It's funny how TFA treats "a researcher" and "one phone" as "some HTC phones".

      --
      [Fuck Beta]
      o0t!
    12. Re:Technically, not installed... by beakerMeep · · Score: 2, Insightful

      Or maybe the "colleague" already had these viruses and they hopped over to the USB? Or maybe Panda just made it all up? Kinda hard to say when it's a single phone. But time to get out the pitchforks regardless! I like pitchforks.

      --
      meep
    13. Re:Technically, not installed... by hduff · · Score: 2, Funny

      I see you want to install a Windows virus. Proceed?

      --
      "I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
    14. Re:Technically, not installed... by clone53421 · · Score: 2, Insightful

      First of all, please learn the difference between <strong> and <a href="">. One is bold, the other is a reference.

      Secondly, the “default” choice is still to execute the autorun. You just have to click Ok before it will perform the default action. I never said it autoruns without any prompting whatsoever; it prompts, and the default (highlighted) option is to autorun.

      It’s no different from installers that bundle the Google toolbar and the install option is checked by default. It’s no different from online forms where the “sign me up for your mailing list” option is checked by default.

      Yes, the user can manually override it, but they must have a reason to know that the “default” option is unwise. “Install the Google toolbar” is descriptive of what will happen. “Keep me informed of future products and special purchases” is descriptive of what will happen. “Autoplay” is not descriptive of what will happen in this case, because users expect a new hardware device to install itself when you plug it in and autoplay it. Installing malware is not something they’d expect.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    15. Re:Technically, not installed... by 56 · · Score: 2, Funny

      It was a bunch of pictures of this guy and his girlfriend in new york. there was also short video of him playing a guitar with his shirt off - i shit you not. i returned the phone and bitched the rogers guy out, and i got a $50 gift card. i now order my phones directly from rogers over the phone and then have them shipped to rogers video stores, instead of buying the phones in stock at rogers-licensed stores.

  4. Easy way to stop this from happening by grahamsaa · · Score: 4, Insightful

    I'm personally getting fed up with companies that allow this to happen. If companies that distribute devices that come pre-loaded with malware were fined heavily for each instance, they'd likely hire a few good devs and QA people to ensure that this sort of thing doesn't happen again.

    There's absolutely no excuse for this. If you contract out development or manufacturing and that leads to this kind of security risk, there's still no excuse. Unfortunately as of right now there are few if any consequences associated with this type of negligence -- which means that companies aren't going to do much to improve their security practices.

    --
    Facts have a liberal bias.
  5. Please by oldhack · · Score: 5, Funny

    Linux is not a malware. Such smear tactic at slashdot must stop.

    --
    Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.
    1. Re:Please by OzPeter · · Score: 2, Funny

      Apparently you think the Mariposa botnet is a... Linux distro? What are you smoking?

      Probably something similar to the (now ex-) QA employees

      --
      I am Slashdot. Are you Slashdot as well?
    2. Re:Please by Dishevel · · Score: 2, Funny

      Whoosh

      --
      Why is it so hard to only have politicians for a few years, then have them go away?
  6. You know Android has hit the big leagues by 0xdeadbeef · · Score: 5, Insightful

    When people are trying to slander it. They're blaming everyone under the sun, when the most likely vector is a store employee who simply plugged the device into a computer and copied the file to the flash drive.

    1. Re:You know Android has hit the big leagues by ducomputergeek · · Score: 2, Funny

      The bigger problem is that this is HTC, who also produces the Nexus for Google proper. Even if the attack vector was an employee at the store, it gives people a moment of pause. When was the last time you saw a Blackberry, Palm, Nokia, LG, Windows Mobile, or iPhone distributed with Malware from the store? (Other than anything with vCast)

      --
      "The problem with socialism is eventually you run out of other people's money" - Thatcher.
  7. Now THAT's Multitasking! by WrongSizeGlass · · Score: 2, Funny

    Enough said.

    Cue the parade of iPhone drummers.

    BTW, I wonder if this is one of the patents Apple is suing over

    1. Re:Now THAT's Multitasking! by genghisjahn · · Score: 5, Funny

      Unfortunately, as an iPhone user, if I want to get malware my only option is to get it through the app store.

      --
      Sorry about the mess.
  8. Impressive! by AliasMarlowe · · Score: 2, Interesting

    Windows malware preinstalled on a Linux device?
    Is it WINE-compatible, and can WINE even be installed on Android phones?

    --
    Those who can make you believe absurdities can make you commit atrocities. - Voltaire
  9. Aha, it's an ad for Panda software by noidentity · · Score: 4, Insightful

    Following the linked article, and following that to the original post, we find that first off, it's a single phone, not more than one that had this malware, and we are informed of the software that detected this, coincidentally the commercial product the researchers are working on:

    The interesting thing is that when she plugged the phone to her PC via USB her Panda Cloud Antivirus went off, detecting both an autorun.inf and autorun.exe as malicious

    I'm rushing out today to buy this software that can do such feats as detecting this malware. They have a Linux version, right?

  10. Re:Patented! by genner · · Score: 2, Funny

    So, is THIS what Apple was suing HTC over at the International Trade Commission? Does Apple have a patent on preloaded malware on smartphones?

    If they do I'm sure Microsoft can claim prior art.

  11. Oh? by SmallFurryCreature · · Score: 2, Insightful

    I agree it has nothing to do with Android, but that case had most certainly something to do with Apple. They use those crappy manufacturing facilities to save a few bucks and then save even more by not doing proper QA.

    And before you claim how innocent and harmless this is, consider what is happening to Toyota. Or the numerous quality issues with products from China and god knows how many more places. In order to maximize profits (because you can't claim cost savings are passed on to the consumer with Apple products) they cut corners everywhere and sooner or later something has to give.

    And long after the guy who got the bonus for cutting costs has left, the shit starts to happen. Toyota used to be the largest and fast growing, with the economy not affecting it nearly as much as the other car makers. Now it can't shift its cars. And the money for huge cash injections has already been spent. This might end up hurting Toyota, and for what? A few cents more to the stock holders.

    It will be interesting to find out how this phone got its extra payload, but ultimately the story will be, lack of quality control. And someday your life may depend on cut rate QA.

    --

    MMO Quests are like orgasms:

    You may solo them, I prefer them in a group.

  12. C'mon slashdot. 1 phone, uncorroborated by beakerMeep · · Score: 4, Insightful

    Don't go the way of kdawson, soulskill.

    Next we'll be reading stuff like "My best friend's sister's boyfriend's brother's girlfriend heard from this guy who knows this kid who's going with the girl who saw Ferris pass out at 31 Flavors last night. I guess it's pretty serious. He might have Mariposa, or Conficker or something. Better get Ferris some AntiVirus software from PandaAV"

    --
    meep