Mariposa bot distributed by Vodafone's infected phone
Posted on 09 March 2010.
Following yesterday's news about the Energizer DUO USB recharger that infects PCs with a Trojan, here is another piece of equipment whose software comes bundled with malware: the new Vodafone HTC Magic with Google’s Android OS.


The massive infection potential was commented on by a Panda Security's researcher, who says that the phone in question is distributed by Vodafone "to its userbase in some European countries and it seems affordable as you can get it for 0€ or 1€ under certain conditions."

The researcher has been alerted to the possibility of the phone carrying malware by a colleague who, upon receiving the phone, connected it to her PC and triggered a warning by the company's cloud AV solution: two files, autorun.inf and autorun.exe are malicious.

It turns out that the phone is infected with a Mariposa bot client that enlists the PC into a botnet run by someone that goes by the handle "tnis". The C&C centres are located at:
  • mx5.nadnadzz2.info
  • mx5.channeltrb123trb.com
  • mx5.ka3ek2.com.
Once the PC is infected, you can see the malware contacting the centers for further instructions:


But that's not the end of it - the researcher also found a Confiker and a Lineage password stealing malware on the phone, making him wonder just what kind of Quality Assurance operation Vodafone and HTC are running.

Vodafone released a statement saying that "early indications are that this was an isolated local incident".






Spotlight

Review: Bulletproof SSL and TLS

Posted on 12 September 2014.  |  Deploying SSL or TLS in a secure way is a great challenge for system administrators. This book aims to simplify that challenge by offering extensive knowledge and good advice - all in one place.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Sep 15th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //