
Memory Cards of 3,000 Phones Infected By Malware

kdawson posted about 4 years ago | from the speak-clearly-so-the-botnet-can-hear dept.

Cellphones 63

itwbennett sends us a few links from IT World tracing a story about infected microSD cards in Vodafone-supplied mobile phones. "The original report came on March 8 after an employee of Panda Security plugged a newly ordered HTC Magic phone from Vodafone into a Windows computer, where it triggered an alert from the antivirus software. Further inspection of the phone found the device's 8GB microSD memory card was infected with a client for the now-defunct Mariposa botnet, the Conficker worm, and a password stealer for the Lineage game. At that point it was thought to be an issue with a specific refurbished phone. On Wednesday another phone surfaced with traces of the Mariposa botnet. And now Vodafone is saying that as many as 3,000 HTC Magic phones may be affected."


63 comments

iPhone pwnz (-1)

Anonymous Coward | about 4 years ago | (#31542010)

We behind the walled garden laugh at your plight!

Re:iPhone pwnz (5, Informative)

quantumplacet (1195335) | about 4 years ago | (#31542054)

this wasn't software downloaded from the internet for the phone, it appears the card was infected before it was put into the phone. the code wouldn't even execute on the phone, only if you plugged the phone into your computer and mounted the sd card. thus the walled garden wouldn't protect you and is completely unrelated.

Re:iPhone pwnz (0)

Anonymous Coward | about 4 years ago | (#31542512)

Unless it can automagically start VMWare to use Windows XP, the code can't do shit.

Re:iPhone pwnz (2, Insightful)

wprowe (754923) | about 4 years ago | (#31542946)

Since the walled garden (iPhone) doesn't have an SD card slot, we would not be affected. So the walled garden does protect us.

Re:iPhone pwnz (0)

Anonymous Coward | about 4 years ago | (#31546542)

That's why I still carry my Nokia circa 1977. It, like the iPhone, is superior because its lack of function keeps me safe.

Posting AC because Mac fanbois are zealots & have modpoints

Re:iPhone pwnz (0)

Anonymous Coward | about 4 years ago | (#31547036)

Somebody said it, well now I don't have to, limiting features does indeed limit the trouble that can be achieved by those features, just ask any cave man, darn, I said it anyways.

Re:iPhone pwnz (1)

abulafia (7826) | about 4 years ago | (#31547672)

Except for the fact that, you know, 3K phones were infected. I don't like Apple's game, but denying that it keeps this sort of shit out of the ecosystem is silly. You make yourself look like a fool.

Re:iPhone pwnz (-1, Flamebait)

Anonymous Coward | about 4 years ago | (#31543716)

Please, it isn't the walled garden. It is properly called the "Lavender Curtain" - it may protect you but it is also turning you gay at the same time.

Let me just say... (0)

Anonymous Coward | about 4 years ago | (#31542062)

Oops.

Clearly the worst example of pre-installed software (0)

Anonymous Coward | about 4 years ago | (#31542104)

Since Dell prepped a new machine for shipping.

Re:Clearly the worst example of pre-installed softw (1)

Jeng (926980) | about 4 years ago | (#31542176)

Probably occurred in much the same way as it did for Dell. Someone went and used a production computer for personal use.

You would figure that all the computers on the factory floor would be locked down tight.

Re:Clearly the worst example of pre-installed softw (2, Interesting)

dave562 (969951) | about 4 years ago | (#31542300)

Why would an SD card come anywhere near a PC during the manufacturing process? Aren't they fabricated in large batches, not unlike RAM or CPUs? The only part of the process that I would think might involve a PC would be the formatting at the end. Yet it seems like they'd have a dedicated hardware device that formats multiple chips at a time.

Re:Clearly the worst example of pre-installed softw (2, Interesting)

fuzzyfuzzyfungus (1223518) | about 4 years ago | (#31542640)

I would strongly suspect that (for reasons of economics) the "dedicated hardware device" that formats multiple chips at the same time is based on a commodity PC, probably running XP, running some hacked-together program for doing the formatting and testing.

The only real question is whether the hardware interface between the commodity PC components and the large number of SD cards is something fairly custom, or basically just a whole lot of USB SD card readers mounted in some sort of frame. A specialized interface could probably be quite useful in a heavily automated situation, particularly if it consisted of some sort of contact array that could connect to an entire tray of cards in one robotic motion; but if you are using human labor for this step, the ability to build a large array of ports for under $10/port, easily swapping out any whose contacts wear out, is probably pretty attractive.

Re:Clearly the worst example of pre-installed softw (0)

Anonymous Coward | about 4 years ago | (#31543044)

It is also likely that said SD cards have factory preinstalled files such as wallpapers, ringtones, etc. so even if there is a machine that isn't even remotely attached to a PC, a PC had to be used to make the master image that gets dumped onto all these SD cards.

I would imagine it works like some of the HD duplicators out there. a machine full of SD slots, one of them is a master slot and the rest of them get the blank cards. whatever is plugged into the master slot gets cloned to the rest of the cards.

at some point that card in the master slot had to be in a PC to setup the directory structure, copy in files, etc.

Re:Clearly the worst example of pre-installed softw (1)

david_thornley (598059) | about 4 years ago | (#31542762)

It happened with some iPods several years back. As far as I heard, the iPods were quality-tested using an infected Windows machine in the Chinese factory.

Smart phones? (4, Interesting)

Wowsers (1151731) | about 4 years ago | (#31542122)

How long before dedicated code will be found to use smart mobiles for some kind of bot-nets?

Re:Smart phones? (4, Insightful)

Jeng (926980) | about 4 years ago | (#31542144)

I don't know, but I bet it begins with social networking applications.

Probably the best way to hide a bot-net on a phone.

Re:Smart phones? (0)

Anonymous Coward | about 4 years ago | (#31542598)

You mean to tell me that the MotoBlur isn't that already?

Malware and what else... (1)

swanzilla (1458281) | about 4 years ago | (#31542136)

...do you suppose shipped out on those SD cards. I know where my mind strays, but more likely it was probably a bunch of pictures of cats and annoying ringtones.

Honest Question (3, Interesting)

DIplomatic (1759914) | about 4 years ago | (#31542150)

Is stuff like this malicious? Like someone at the memory card plant put the virus executables on the hardware? Or is it just a case of the worker having an infected computer, which then infected the memory cards?

Re:Honest Question (0)

Anonymous Coward | about 4 years ago | (#31542650)

So far as I know, Mariposa doesn't use Conficker to spread, but uses other malware to get about. I'll probably be corrected on this, but it sounds deliberate.

Probably incidental (5, Interesting)

mbessey (304651) | about 4 years ago | (#31542864)

In the one case I'm familiar with, which was at another company, the infection was traced to a single PC on the production floor that was just *packed* with malware. Apparently, it had been re-purposed from somebody's desk to the QA station when production capacity was expanded.

This was at a reputable, top-tier contract manufacturing company.

Re:Probably incidental (1)

The Angry Mick (632931) | about 4 years ago | (#31543796)

Apparently, it had been re-purposed from somebody's desk to the QA station when production capacity was expanded.

Re-purposed and not cleaned beforehand? I thought it was SOP to wipe the drives of any re-purposed machine . . .

Re:Probably incidental (2, Insightful)

Belial6 (794905) | about 4 years ago | (#31544146)

No, it SHOULD be SOP. It should be trivial, but I haven't been in a single business where it actually was SOP. I'm not saying that there are not businesses that do it right, but you don't get to look like a hero fixing computer problems if there are no computer problems to fix.

Re:Probably incidental (1)

Hamsterdan (815291) | about 4 years ago | (#31547266)

Why The Fsck are they using Windows to format SD cards?

Since most cards are in Fat32, Linux can do it, OSX can do it, BeOS could do it, and my guess is even eComstation can do it.

Why the heck are they using a *Windows* machine to prep the card in the beginning?

3,000 sounds like an arbitrary number (4, Insightful)

grahamsaa (1287732) | about 4 years ago | (#31542186)

How do they know it's not 2,000 or 10,000? Hell, earlier this week it was an "isolated incident."

Re:3,000 sounds like an arbitrary number (1)

FlyingBishop (1293238) | about 4 years ago | (#31542258)

Don't know how many phones they make a year, but in a phone market that sells hundreds of millions of phones each year, 3,000 is a pretty isolated incident. Even 10,000 isn't that much.

Re:3,000 sounds like an arbitrary number (0)

Anonymous Coward | about 4 years ago | (#31542280)

it sounds like a completely arbitrary number. In related news, they also said the cards might be in other phones, not just the HTC ones.

Re:3,000 sounds like an arbitrary number (2, Insightful)

Zerth (26112) | about 4 years ago | (#31542560)

Perhaps they run them in batches of 3000 and the skid before and the skid after were clean?

Re:3,000 sounds like an arbitrary number (2, Funny)

BlueBoxSW.com (745855) | about 4 years ago | (#31542660)

When you take the number of HTC Magic phones that shipped, and subtract the number that were returned, you get 3,000.

OK, that was mean. I've gotta get outside.

Re:3,000 sounds like an arbitrary number (1)

commodore64_love (1445365) | about 4 years ago | (#31542962)

>>>"Democracy is the pathetic belief in the wisdom of collective ignorance." -- H.L. Mencken

Actually studies have found that when you take a mob of people, and have them make guesses, they often come up with the right answer. For example, ask an audience to guess how many jellybeans are in a jar, average their answers, and you'll have the correct answer +/- 1 jellybean.

BACK TO TOPIC:

What good is an 8 gigabyte RAM card? You can't even run Windows 95 on that?

Re:3,000 sounds like an arbitrary number (2, Informative)

WhatAmIDoingHere (742870) | about 4 years ago | (#31543074)

Windows 95:
"Official system requirements were an Intel 80386 DX CPU of any speed, 4 MB of system RAM, and 120 MB of hard drive space."

Re:3,000 sounds like an arbitrary number (2, Informative)

commodore64_love (1445365) | about 4 years ago | (#31543320)

"This configuration was distinctly suboptimal for any productive use..... if any networking or similar components were installed the system would refuse to boot with 4 megabytes of RAM. To achieve optimal performance, Microsoft recommends an Intel 80486 or compatible microprocessor with at least 8 MB of RAM."

Apparently even back then Microsoft was taking the ACTUAL requirements, and dividing them in half, like when they claimed Vista would work on 1/2 gig of RAM when it clearly could not.

Re:3,000 sounds like an arbitrary number (0)

Anonymous Coward | about 4 years ago | (#31544074)

I guess it depends on what you're looking to run on a machine.

Vista RC1 ran Office 2003, IE/FF, etc. just fine on 1 GB of RAM (on Pentium D 1.8 GHz SFF Dell Optiplexes designed for XP no less) in testing for a company I previously worked for.

I'll agree that 95 SR2 didn't seem to be very happy w/ anything under a 486 w/ 8MB of RAM though.

Whew! Glad I Use Windows Mobile (0)

Anonymous Coward | about 4 years ago | (#31542320)

It's like Apple, too small a base to target !!

http://www.theinquirer.net/inquirer/news/1597220/mac-os-x-zero-day-flaws [theinquirer.net]

Re:Whew! Glad I Use Windows Mobile (2, Funny)

commodore64_love (1445365) | about 4 years ago | (#31543064)

Glad I use Virgin Mobile!

Like Amiga nobody's ever heard of it... not even virus writers.

Re:Whew! Glad I Use Windows Mobile (1)

DrVxD (184537) | about 4 years ago | (#31543302)

nobody's ever heard of it... not even virus writers.

But when they do, it'll be fucked - and that's the end of its Virginity.

Re:Whew! Glad I Use Windows Mobile (1)

Inda (580031) | about 4 years ago | (#31544844)

I know you jest but everyone knows the Virgin brand. Everyone knows Branson has his fingers in all the pies.

Virgin, Tesco and the other MVNOs are going to fight it out soon. I wouldn't be surprised if Virgin won.

It's a Windows malware, right? (1, Interesting)

Anonymous Coward | about 4 years ago | (#31542458)

From TFA:
With the first phone, the Mariposa botnet code automatically ran and attempted to infect a computer. Mariposa was at one time one of the largest botnets, but security researchers were able to shut it down in December after disabling its command-and-control servers

It's a Windows malware, right? So a "Windows" computer connects to the phone's sdcard and attempts to autorun whatever is on it.
I don't see how the malware can somehow be activated and affect Android Linux O/S running on ARM chip inside a user-mode VM.
Do botnets have legs now?

Re:It's a Windows malware, right? (2, Insightful)

OrwellianLurker (1739950) | about 4 years ago | (#31542782)

From TFA: With the first phone, the Mariposa botnet code automatically ran and attempted to infect a computer. Mariposa was at one time one of the largest botnets, but security researchers were able to shut it down in December after disabling its command-and-control servers

It's a Windows malware, right? So a "Windows" computer connects to the phone's sdcard and attempts to autorun whatever is on it. I don't see how the malware can somehow be activated and affect Android Linux O/S running on ARM chip inside a user-mode VM. Do botnets have legs now?

It's irrelevant what operating system the malware operates on. The fact that malware came pre-loaded is troubling.

Re:It's a Windows malware, right? (1)

mpe (36238) | about 4 years ago | (#31550960)

It's irrelevant what operating system the malware operates on. The fact that malware came pre-loaded is troubling.

Especially given that there's no good reason for memory cards to come "pre-loaded" with anything at all and the phone's firmware has the ability to format memory cards.
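The thread above turns on the card being harmless to the phone but not to a Windows PC that mounts it and acts on `autorun.inf`. As an added example (not part of any poster's comment), this Python sketch audits a mounted card for autorun launch entries and for files that begin with the Windows `MZ` executable magic regardless of extension; the sample card layout and file names are constructed for the demonstration.

```python
import os
import tempfile

# autorun.inf keys under [autorun] that make Windows launch a program
LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(path):
    """Return (key, value) launch entries from an autorun.inf file."""
    entries, section = [], None
    with open(path, "r", encoding="latin-1") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith(";"):
                continue
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1].strip().lower()
                continue
            if section != "autorun" or "=" not in line:
                continue
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            is_verb = key.startswith("shell\\") and key.endswith("\\command")
            if key in LAUNCH_KEYS or is_verb:
                entries.append((key, value))
    return entries


def has_mz_header(path):
    """True if the file starts with the DOS/PE 'MZ' magic, whatever its name."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"


def audit_volume(root):
    """Walk a mounted card and list autorun entries and Windows executables."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if dirpath == root and name.lower() == "autorun.inf":
                for key, value in parse_autorun(full):
                    findings.append(("autorun", rel, f"{key}={value}"))
            try:
                if has_mz_header(full):
                    findings.append(("executable", rel, "MZ header"))
            except OSError:
                findings.append(("unreadable", rel, ""))
    return sorted(findings)


def build_sample_card(root):
    """Constructed sample layout; file names and contents are made up."""
    samples = {
        "autorun.inf": b"[AutoRun]\r\nopen=RECYCLER\\setup.exe\r\nicon=folder.ico\r\n",
        os.path.join("RECYCLER", "setup.exe"): b"MZ" + b"\x00" * 62,
        os.path.join("Music", "ringtone.mp3"): b"MZ" + b"\x00" * 62,  # disguised
        os.path.join("DCIM", "photo.jpg"): b"\xff\xd8\xff\xe0" + b"\x00" * 60,
    }
    for rel, data in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as card:
        build_sample_card(card)
        for kind, rel, detail in audit_volume(card):
            print(f"{kind:11} {rel:22} {detail}")
```

Pointing `audit_volume` at the card's mount point on a machine that does not process `autorun.inf` gives the same listing for a real card.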

Lineage (2, Funny)

Chees0rz (1194661) | about 4 years ago | (#31542778)

Can I just say it's amazing that Lineage is still popular enough in Asian countries that people are stealing passwords for it like this. If only it held on in the US... that game gave me so many lovely hours of punching ents.

No bark... no fruit!

Re:Lineage (1)

WhatAmIDoingHere (742870) | about 4 years ago | (#31543096)

I'm surprised that we don't see more things like this here in the US with World of Warcraft. It's huge and hacked accounts generate a ton of gold that can be sold for a lot of money.

Format (1)

sexconker (1179573) | about 4 years ago | (#31542964)

Format your storage media before you use it.
China or not.

Until malware in firmware becomes widespread enough to worry about, or until they inject malware into blank optical discs, it's a simple step that will prevent a lot of shit.

what's the safest cellphones? (0)

Anonymous Coward | about 4 years ago | (#31543060)

I'm one of the nerdiest /. nerds. This post typed on an old IBM Model M (a modded 'blind' one, mind you) and I've got several of these. Next to me is an HP LaserJet 4M+ which gives me an erection every time I netcat a PostScript file directly to its IP address (I also have got several of these and I "upgrade" them etc.).

Yet I don't care about apps on my phone. I don't care about surfing with my phone. I don't care about calendar on my phone.

I actually don't give a flying f*ck about my phone (please don't mod troll nor spam). To me it's really just a device allowing to give and answer calls.

I've got two 24" screens and I work on them 10 hours / day and when I'm off the online world, I'm off: I don't want to check my GMail account anymore, I don't want to follow my eBay auctions. I'm done.

I just want a cellphone that allows, well, you know, to call people.

What would be the simplest, easiest, cellphone with the least functionality (no bluetooth, no Java, no appstore, no memory card) that would fit me?

You know, one with ten numbers and a "call" and a "hang up" button?

Re:what's the safest cellphones? (2, Interesting)

plover (150551) | about 4 years ago | (#31544680)

I just want a cellphone that allows, well, you know, to call people.

What would be the simplest, easiest, cellphone with the least functionality (no bluetooth, no Java, no appstore, no memory card) that would fit me?

You know, one with ten numbers and a "call" and a "hang up" button?

You say you want "simplest and easiest". Think deeply about what you're trying to do. Do you actually want to talk to a "number", or do you really intend to talk to a specific person? This is a real question, and not intended to be a smart-assed comment.

Most people assume a simple phone is one that dials numbers, but that's because we've been trained by 80 years of technological limits that have forced us to abstract human conversations behind strings of digits. With new phones that have contact lists, you don't need the numbers other than for initial input into the machine. You set the number once (or save it if they call you first) and never dial the digits again.

That leads directly to a repeat of the first question: do you want to hunt through a contact list, or do you still just want to talk to someone? Again, we've been trained by the limits of our recent cell phone technology to accept 2=ABC, 3=DEF, etc. But that sucks for searching. Arrow-up and arrow-down are frustrating for average numbers of contacts, and the experience gets worse the more people you know.

If you honestly want to just talk to someone, you should really be asking for a phone with voice recognition dialing. Motorola, Nokia, Apple, Sony Ericsson all have phones that can voice dial without training based on the names you've entered in the contact list, and I'm sure there are many others out there. Pushing the "call" button and saying "Call John Smith" is about as simple and easy and clear and direct as it gets. You should look into that, rather than constraining your requirements with limits that no longer need to exist.

Re:what's the safest cellphones? (1)

petermgreen (876956) | about 4 years ago | (#31547172)

there are some very basic phones available intended for old folks. Often they have things like big buttons and big displays too. e.g. http://www.doro.com/global/businessunit/dorocare/Product?c=11900&p=330GSM [doro.com] (that one doesn't do the US bands unfortunately but I'd be very surprised if there weren't similar devices that did)

For the most part though if you still have decent vision I'd suggest just getting a basic nokia and ignoring any features you aren't interested in.

Do you... (0)

Anonymous Coward | about 4 years ago | (#31543450)

Believe in magic? I sure as hell don't. iPhone FTW!!!!

Found csrxx.exe on myTouch 3G (0)

Anonymous Coward | about 4 years ago | (#31543670)

Decided to perform a virus scan on my newly acquired myTouch 3G phone which comes with an 8GB memory card, and my antivirus showed two infected files. Time to give T-Mobile a friendly call.

Anti-virus programs not so stupid? (1)

godel_56 (1287256) | about 4 years ago | (#31543718)

There are frequent slashdot postings saying that anti-virus programs are a waste of time.

Maybe this is one example of why it might be a good idea to have one available for an occasional scan. Admittedly anyone running a *nix based computer would not have had a problem with this malware.

Re:Anti-virus programs not so stupid? (1)

RAMMS+EIN (578166) | about 4 years ago | (#31544824)

``Admittedly anyone running a *nix based computer would not have had a problem with this malware.''

I can't help but wonder "how long?"

How long until we *nix users start having to bog down our systems in order to slow the flood of malware that would otherwise corrupt them?

Re:Anti-virus programs not so stupid? (1)

grcumb (781340) | about 4 years ago | (#31546890)

``Admittedly anyone running a *nix based computer would not have had a problem with this malware.''

I can't help but wonder "how long?"

How long until we *nix users start having to bog down our systems in order to slow the flood of malware that would otherwise corrupt them?

Given that viruses and other malware have been a fact of life for as long as I've been using PCs (i.e. early '90s), and that they have never been an issue for Mac or Linux, even in the days when Macs were nearly as numerous as PCs, I'm inclined to say that day will never come.

What's more likely is that -just like Unix/Linux did- Windows will ultimately drag itself out of the morass of insecurity in which it's currently mired. Eventually....

... Possibly even in my lifetime. 8^)

No surprise (1)

inkrypted (1579407) | about 4 years ago | (#31544374)

This comes as no surprise to me and I remember thinking when I saw console systems such as the Dreamcast go online how long will it be before these systems act as gateways for malware as they continue to make devices more networkable. Nowadays with all the major consoles and smart phones online and tethered to your PC it seems more dangerous than ever. How many of you have anti virus for your Playstation 3, Xbox 360, Wii, iPhone, or Droid?

oh crap (1)

Maave (1770224) | about 4 years ago | (#31545344)

Holy crap, that's a lot more phones than I last read. And the Mariposa botnet isn't completely out of the picture. It may be old, but it's still a possible threat, especially if someone has access to phone cards.

Similar Experience (3, Informative)

boliboboli (1447659) | about 4 years ago | (#31548000)

I purchased a digital picture frame made by Insignia in 2008. When plugged into my PC, my AV (Nod32 Eset) found two files it listed as viruses. After removing them, the picture frame worked fine.

About a month later Insignia sent a letter explaining there may have been viruses on the internal memory of the frame. I think this happens quite a bit.
