Memory Cards of 3,000 Phones Infected By Malware

itwbennett sends us a few links from IT World tracing a story about infected microSD cards in Vodaphone-supplied mobile phones. "The original report came on March 8 after an employee of Panda Security plugged a newly ordered HTC Magic phone from Vodafone into a Windows computer, where it triggered an alert from the antivirus software. Further inspection of the phone found the device's 8GB microSD memory card was infected with a client for the now-defunct Mariposa botnet, the Conficker worm, and a password stealer for the Lineage game. At that point it was at thought to be an issue with a specific refurbished phone. On Wednesday another phone surfaced with traces of the Mariposa botnet. And now Vodafone is saying that as many as 3,000 HTC Magic phones may be affected."

Re:iPhone pwnz

[quantumplacet]

this wasn't software downloaded from the internet for the phone, it appears the card was infected before it was put into the phone. the code wouldn't even execute on the phone, only if you plugged the phone into your computer and mounted the sd card. thus the walled garden wouldn't protect you and is completely unrelated.

Smart phones?

[Wowsers]

How long before dedicated code will be found to use smart mobiles for some kind of bot-nets?

Re:Smart phones?

[Jeng]

I don't know, but I bet it begins with social networking applications.

Probably the best way to hide a bot-net on a phone.

3,000 sounds like an arbitrary number

[grahamsaa]

How do they know it's not 2,000 or 10,000. Hell, earlier this week it was an "isolated incident."

Probably incidental

[mbessey]

In the one case I'm familiar with, which was at another company, the infection was traced to a single PC on the production floor that was just *packed* with malware. Apparently, it had been re-purposed from somebody's desk to the QA station when production capacity was expanded.

This was at a reputable, top-tier contract manufacturing company.