Forgot your password?
typodupeerror
Android Botnet Cellphones Security IT

HTC Android Phones Found With Malware Pre-Installed 158

Posted by Soulskill
from the saving-users-time-and-effort dept.
Trailrunner7 writes "Security researchers have found that Vodafone, one of the world's larger wireless providers, is distributing some HTC phones with malware pre-installed on them. The phone, HTC's Magic, runs the Google Android mobile operating system, and is one of the more popular handsets right now. A researcher at Panda Software received one of the handsets recently, and upon attaching it to her PC, found that the phone was pre-loaded with the Mariposa bot client. Mariposa has been in the news of late thanks to some arrests connected to the operation of the botnet."
This discussion has been archived. No new comments can be posted.

HTC Android Phones Found With Malware Pre-Installed

Comments Filter:
  • by elrous0 (869638) * on Tuesday March 09, 2010 @12:46PM (#31415426)
    It's an undocumented feature!
    • by Pojut (1027544)

      It's a perfectly cromulent feature. I mean come on...malware preinstalled? That rocks tits to dust.

      • Impressive! (Score:3, Interesting)

        by AliasMarlowe (1042386)
        Windows malware preinstalled on a Linux device?
        Is it WINE-compatible, and can WINE even be installed on Android phones?
        • Doesn't need too, the android device acts like a usb disk when attached to a PC. Add that to auto start and boom, you are infected.
          • by g253 (855070)
            Althoug it doesn't auto-mount. At least if you use the usb cable to recharge it at work or something, you're ok.
    • by Monkeedude1212 (1560403) on Tuesday March 09, 2010 @01:29PM (#31416074) Journal

      You think THATS bad - I got my HTC phone with Windows Mobile 6.1 Pre Installed!

    • by mcgrew (92797) *

      From TFS: "Security researchers have found that Vodafone, one of the world's larger wireless providers, is distributing some HTC phones with malware pre-installed on them.

      Does Sony own Vodaphone? If so you're probably right; XCP was put in music CDs on purpose. I wouldn't be surprised if this malware was put there on purpose, too, even if Sony doesn't own Vodaphone.

      Yes, I'm a cynical old fart, but that comes from getting screwed over for decades. Ah, to be young and idealistic again!

  • by 0racle (667029) on Tuesday March 09, 2010 @12:47PM (#31415440)
    No user intervention, IT JUST WORKS
  • by TheRaven64 (641858) on Tuesday March 09, 2010 @12:47PM (#31415446) Journal
    The software in question was an autorun file, so it wasn't installed on the phone, it was just present on the phone's flash drive waiting to try to infect any OS stupid enough to automatically run programs from untrusted devices. It's not like the phone was running a botnet client and using up your data allowance sending spam, it was just a carrier.
    • by clone53421 (1310749) on Tuesday March 09, 2010 @12:54PM (#31415536) Journal

      That’s a good distinction to make.

      Of course I immediately assumed they didn’t really mean “installed”, since it’s a Windows virus and an Android OS...

    • by 56 (527333) on Tuesday March 09, 2010 @12:55PM (#31415562)
      Either way, that's pretty crazy. I wonder if it's a case of a rogue employee putting it there, or if it somehow got installed unntentionally by Vodafone. Or maybe the phone was used, returned, and re-sold without having the micro sd card formatted.
      • Re: (Score:3, Insightful)

        by beakerMeep (716990)
        Or maybe the "colleague" already had these viruses and they hopped over to the USB? Or maybe Panda just made it all up? Kinda hard to say when it's a single phone. But time to get out the pitchforks regardless! I like pitchforks.
    • Re: (Score:3, Insightful)

      by DarthVain (724186)

      "untrusted devices"

      Its not like this phone was bought on e-bay or some back ally. This is straight from the manufacture.

      It baffles me that products get through QA and carry viruses, Trojans or other malware, I mean come on.

      • Re: (Score:3, Insightful)

        by sbeacom (1225868)
        It's not really straight from the manufacturer is it?

        I'm not sure about how Vodafone works, but most carriers around here love to brand their phones. The issue it self seems to be isolated to just the Vodafone models so could it be part of the branding they do with the phones?
    • Re: (Score:3, Informative)

      by AndrewNeo (979708)

      And if it's an autorun file, that means only XP and earlier, and very stupid users are vulnerable. Vista and 7 don't execute Autorun.exe by default.

      • by clone53421 (1310749) on Tuesday March 09, 2010 @01:13PM (#31415818) Journal

        Wrong [wikipedia.org], it was replaced with Autorun.inf, and Vista/7 do execute it if you choose to “Autoplay” the device. I believe the dialog will appear first to ask you what you want to do, but “Autoplay” is the top choice and is selected by default.

        • by gparent (1242548)
          You mean the device will autoplay if you tell it to autoplay? Oh my god!
          • Re: (Score:3, Informative)

            by clone53421 (1310749)

            No... it will autoplay if you give it permission to autoplay.

            You don’t tell it to. It asks, and the default option is to allow it. All you have to do is click Ok.

            • by gparent (1242548)
              Just like UAC will run programs with admin privileges if you give it permission to run them.

              You don't tell it to. It asks. All you have to do is click "Yes".
              • My point was that it will autoplay. They added a level of protection, but not much, and the default choice offered with very little fanfare will result in you being infected.

                Microsoft has at least gone to great lengths to make UAC unmistakable, inescapable, and demand your immediate and full attention. The device autoplay dialog isn’t anywhere near as scary as a UAC prompt.

                • by gparent (1242548)
                  So me and AndrewNeo are right, then? Autoplay will be ran only if you select it? Good. Carry on.
                  • No, you don’t have to select anything. All you have to do is click “Ok” and let the computer do what it thought was the best idea.

                    Maybe you think a user is “very stupid” if they autoplay a device that’s fresh out of the box? I don’t...

                    • by gparent (1242548)
                      God damn, you don't have to be so fucking literal about everything. If the user sees "AUTOPLAY" and clicks "OK", then he selected it and approves.

                      99% of the time the user wants to run autoplay, because he's inserting a CD, DVD or a software disk. The only valid thing to do here is to pop that menu and let him "confirm", as you said.
                    • 99% of the time the user wants to run autoplay, because he's inserting a CD, DVD or a software disk. The only valid thing to do here is to pop that menu and let him "confirm", as you said.

                      I agree. And if the Windows Vista/7 users are just presented an option that 99% of the time would have been correct, but in this case it infects their computer with a botnet client, please explain to me how you figure that this statement is correct:

                      And if it's an autorun file, that means only XP and earlier, and very stupid users are vulnerable.

                    • by gparent (1242548)
                      Except your bold "WRONG" statement applied to "Vista and 7 don't execute Autorun.exe by default.", which has nothing to do with whether a user is stupid or not. Fact is, Vista and 7 do not execute anything autorun by default. They ask you first.
                    • Re: (Score:3, Insightful)

                      by clone53421 (1310749)

                      First of all, please learn the difference between <strong> and <a href="">. One is bold, the other is a reference.

                      Secondly, the “default” choice is still to execute the autorun. You just have to click Ok before it will perform the default action. I never said it autoruns without any prompting whatsoever; it prompts, and the default (highlighted) option is to autorun.

                      It’s no different from installers that bundle the Google toolbar and the install option is checked by default. It

                    • by gparent (1242548)

                      First of all, please learn the difference between <strong> and <a href="">. One is bold, the other is a reference.

                      Don't act like an idiot, it's obvious what I meant.

                      Secondly, the “default” choice is still to execute the autorun. You just have to click Ok before it will perform the default action. I never said it autoruns without any prompting whatsoever; it prompts, and the default (highlighted) option is to autorun.

                      So AndrewNeo was right then, not wrong. Jesus. I'm pointing how how you contradicted yourself within one sentence and you wrote an essay about the semantics of autorun.

                    • In the world of autorun, that is a massive difference.

                      Not as massive as you make it out to be. This seems like a no-brainer: yeah, install the drivers. So asking the person does virtually no good in this particular case.

                    • Windows Vista and 7 do not execute *anything* by default, unlike XP. They *ask* if you want to execute.

                      And the default (pre-selected, highlighted) choice is to execute it.

                      By the way, XP does not execute anything by default, either. It asks you if you want to execute. If you are holding down the Shift key, that means “no”. If you aren’t, that means “go ahead”. It’s just more obscure and less user-friendly than Vista is, and most people don’t realise they had a choice. But then, if they had wanted a choice, they could have learned how to avoid the autoplay: most users

                    • by gparent (1242548)
                      Quit digging, XP executes it by default - You can prevent it from doing so, but it will execute it unless you know some arcane shortcut that no one knows exists. In Vista/7, the default is to ASK. And it doesn't do *anything* unless you tell it to. That's a WORLD of difference.
                    • First of all, I didn’t say there was no difference between XP and Vista. There is. Vista asks. That’s a difference. But the default option is still to execute the autorun. It just asks you before it goes ahead and does the default.

                      Second, you’re still not understanding the full meaning of “default”. Yes, it asks by default now, and XP didn’t. But the prompt that it displays when it asks also has a “default” option, and that default is to execute the autorun.

              • The push is toward making computers smarter. Instead of waiting for the user to tell the computer what to do, it figures it out for itself and asks the user to confirm before it does it (don’t laugh, I’m being serious).

                Smarter computers make it easier for dumb people to install software and surf the web, because all they have to do is click “Ok”.

                And smarter computers also make it easier for dumb people to get infected with malware, because they’re too dumb to know when the answ

        • Re: (Score:3, Funny)

          by hduff (570443)
          I see you want to install a Windows virus. Proceed?
          • Well, that’s not exactly what it says... and I certainly wouldn’t expect the Autoplay on a new phone to be a virus, straight out of the box. Bloated and unnecessary, yeah, which is why I probably wouldn’t install it... but not malware. I’m no dummy, but even I wouldn’t expect that.

    • it was just present on the phone's flash drive waiting to try to infect any OS stupid enough to automatically run programs from untrusted devices.

      Since when is my own phone an "untrusted device"?

      • accidental mod correcting

      • It's an untrusted device relative to the computer. The computer doesn't know where it has been (That's why newer versions of Win and all versions of Linux ask you what to do)... YOU may trust it, but a competent programmer will not. A competent programmer will not trust ANYTHING not directly in the control of the program at all times (Don't trust anything that the user could possibly tamper with)...
  • by grahamsaa (1287732) on Tuesday March 09, 2010 @12:54PM (#31415532)
    I'm personally getting fed up with companies that allow this to happen. If companies that distribute devices that come pre-loaded with malware were fined heavily for each instance, they'd likely hire a few good devs and QA people to ensure that this sort of thing doesn't happen again.

    There's absolutely no excuse for this. If you contract out development or manufacturing and that leads to this kind of security risk, there's still no excuse. Unfortunately as of right now there are few if any consequences associated with this type of negligence -- which means that companies aren't going to do much to improve their security practices.
    • If companies that distribute devices that come pre-loaded with malware were fined heavily for each instance

      Nice try - we've invented class-action lawsuits to protect the corporations from this problem. And corporations, as currently constituted, make sure nobody is actually liable for anything* they do.

      I mean, not 'we', but the corporations. Or, um, the government. Sorry I get so confused these days where the lines are.

      * for very large values of 'anything'.

    • Of course there are consequences. There's a huge PR hit, lost sales, the expense of remediating this -- including the class-action suit that's quite likely to follow. There's also a loss of consumer and business trust. Competitors can capitalize on this very easily, compounding the cost.

      This is a self-correcting situation. Government fines not required.

      • There will almost certainly be no class action lawsuit. The average consumer doesn't know about these kinds of exploits, and most certainly does not care. That also means that there will be no significant PR hit. If this were self correcting behavior we wouldn't be seeing stories at least once a month about a high-profile company shipping infected hardware to customers. The reason this kind of thing keeps happening is that the consequences you mention are incredibly minimal, if there are consequences at
        • Then let competitors educate consumers. "Did you know that the HTC phone can install viruses on your computer?" As long as they stick entirely to the facts, there's nothing preventing this.
    • by dbcad7 (771464)
      And you do not find it suspicious at all that the the person this happened to works for the anti virus company whose software found this ?... If some random person, who happened to have some random anti virus program, of which was supplied by a company he did not work for, discovered this then it would be different.. I have zero trust in the honesty of major anti virus companies, let alone some smaller company that few people have heard of till now.. Thank god he had this great new anti virus program.
  • Please (Score:5, Funny)

    by oldhack (1037484) on Tuesday March 09, 2010 @12:54PM (#31415544)
    Linux is not a malware. Such smear tactic at slashdot must stop.
  • by 0xdeadbeef (28836) on Tuesday March 09, 2010 @12:55PM (#31415566) Homepage Journal

    When people are trying to slander it. They're blaming everyone under the sun, when the most likely vector is a store employee who simply plugged the device into a computer and copied the file to the flash drive.

    • Re: (Score:3, Funny)

      The bigger problem is that this is HTC, who also produces the Nexus for Google proper. Even if the attack vector was an employee at the store, it gives people a moment of pause. When was the last time you saw a Blackberry, Palm, Nokia, LG, Windows Mobile, or iPhone distributed with Malware from the store? (Other than anything with vCast)

      • Wish I had mod points for the vCast slam. I laughed for a good minute or two.

      • When was the last time you saw a Blackberry, Palm, Nokia, LG, Windows Mobile, or iPhone distributed with Malware from the store?

        It has happened before. And on a much bigger and worst scale.

        Today's situation is only about 1 single infected phone (Did it got plugged into an infected machine at the store ? Was it deliberate by one employee ?)

        On /. we already did have stories of virus pre-loaded Apple iPods [slashdot.org] and and McDonalds MP3 players [slashdot.org].
        They got windows machine infected which were used a part of their standard QA/Test procedure to test the hardware before shipping it.
        Thus *whole batches* of product got infected from that windows testin

    • by Sockatume (732728)

      It's also conspicuous that it's only the Vodafone version of the handset, which suggests the fault lies much further down the chain than HTC.

      • by 0xdeadbeef (28836)

        It's also conspicuous that is one phone from one employee of company that is hawking its own anti-malware software.

        Did they not even think of buying more phones to confirm it? Shouldn't they, you know, be helping the cops deal with it before they warn whoever put it there?

  • by WrongSizeGlass (838941) on Tuesday March 09, 2010 @12:57PM (#31415598)
    Enough said.

    Queue the parade of iPhone drummers.

    BTW, I wonder if this is one of the patents Apple is suing over
  • Since this appears to be a lone incident, it’s obvious that it didn’t come “straight” from the manufacturer, and it might not even be their fault.

    Then again... if a lot more of these infected phones start turning up, there probably is an infected computer somewhere at the manufacturer and the phones are being plugged into it in the process of setting them up.

    First order of importance, of course, is to send somebody to the end of the assembly line and start checking random phones righ

  • You know, I find it amazing. China continues to load this spy bots on goods destined for the west. Yet, SO many westerners continue to buy it. Here is a thought. QUIT BUYING IT, or SUE THEM. If you start suing the company for infecting your window systems, then companies will quit producing in China OR they will start caring about SECURITY.
    • You can’t sue a Chinese company, so I assume you mean the US company that imported the stuff? You’d have to show them to be grossly negligent, I think, and simply importing goods from China isn’t grossly negligent until this sort of thing is much more widespread. If you know that imported goods from China are probably loaded with spyware, then yeah, importing them and then distributing them without checking them would be negligent, but we’re not there yet.

      • by Khyber (864651)

        "You can’t sue a Chinese company, so I assume you mean the US company that imported the stuff? "

        You don't do much international business, do you? Yes you can sue a foreign company.

        *goes back to dealing with China on an RMA*

  • So, is THIS what Apple was suing HTC over at the International Trade Commission? Does Apple have a patent on preloaded malware on smartphones?

    • Re: (Score:3, Funny)

      by genner (694963)

      So, is THIS what Apple was suing HTC over at the International Trade Commission? Does Apple have a patent on preloaded malware on smartphones?

      If they do I'm sure Microsoft can claim prior art.

    • by kimvette (919543)

      No, it does not come preloaded, but there's an app for that.

  • by noidentity (188756) on Tuesday March 09, 2010 @01:36PM (#31416188)

    Following the linked article, and following that to the original post, we find that first off, it's a single phone, not more than one that had this malware, and we are informed of the software that detected this, coincidentally the commercial product the researchers are working on:

    The interesting thing is that when she plugged the phone to her PC via USB her Panda Cloud Antivirus went off, detecting both an autorun.inf and autorun.exe as malicious

    I'm rushing out today to buy this software that can do such feats as detecting this malware. They have a Linux version, right?

  • by beakerMeep (716990) on Tuesday March 09, 2010 @01:52PM (#31416444)
    Dont go the way of kdawson, soulskill.

    Next we'll be reading stuff like "My best friend's sister's boyfriend's brother's girlfriend heard from this guy who knows this kid who's going with the girl who saw Ferris pass out at 31 Flavors last night. I guess it's pretty serious. He might have Mariposa, or Confiker or something. Better get Ferris some AntiVirus software from PandaAV"
    • by _Sprocket_ (42527)

      I'm always torn on these sorts of things. I agree with the idea of adding a grain of salt to these sorts of things. But at the same time, it gives us all a chance to weigh in and/or be exposed to stories that might make the rounds through other channels (I know, I know, "Other-news-aggregation-site had it first"). And while I sometimes tire of the noise, I also tend to find it more useful to be forearmed when said noise makes it in to some meeting or discussion and I don't feel broadsided by it.

If I have not seen so far it is because I stood in giant's footsteps.

Working...