Crapware's bad enough, but having your life torn asunder simply by plugging in that shiny new (insert USB-connected device here) is an exciting new trend --
viruses find their way into the darnedest places, don't they? It seems an employee at anti-malware firm Panda Research who'd ordered a new
Magic off Vodafone UK's site was greeted with no fewer than three nefarious executables upon plugging the device into her PC: a bot client, a password stealer, and a Conficker variant, and running a network sniffer quickly confirmed that the virii were live and ready to do harm as soon as the autorun in the Magic's mounted mass storage was executed on her Windows machine. If this were a widespread issue, we'd certainly have heard about it in other places, so odds are good (as Panda points out) that this was simply a case of HTC or Vodafone doing an awful job of wiping a refurbished set -- but it gives you pause and kind of makes you wish you worked for an anti-malware firm, at least on days when you're plugging in a new phone for the first time. The silver lining, we suppose, is that Vodafone has recently discontinued the Magic, though that creates another problem: the only Android device it currently stocks now is the lowly
Tattoo, so the
X10 and
Nexus One can't come soon enough.
posted March 9th 2010 2:33PM
Gotta worry about anything with a dongle that attaches to a computer.
@stabbytheicepic
Danglin' my dongle.
@stabbytheicepic
Gotta turn off autorun. It's the first thing I do on a new Windows install.
But I first and foremost blame Microsoft for enabling such a huge vulnerability. I wonder what were they thinking..
@stabbytheicepic Or just stop using a vulnerable OS?
As always, please learn to wipe out your phone and reflash a better (cleaner) version of the OS. XDA is your friend!
They are building a bigger Android group. It's not WinMo only anymore.
And if you are a big Android fan with a WinMo device, they have working variations of Android for you.
If you are just a WinMo nut like me, they have always had you covered.
The Tattoo is a pretty nice phone actually. Screen could obviously be better but I don't complain. :)
Speaking of Panda, the new Honey Walnut Shrimp from Panda Express is actually quite good. It's $1 extra though, which sucks, but not too much.
lol is it malware because it spells so badly?! Nice one h4ck3rz!
@bruckwine
Yes.
Ah, Daring Fireball. Explains how such an issue got spun into such disgusting crap.
How "daring", pfft.
Oh my gosh, malware on a sdcard... I'm sure android and htc are at fault. I mean, it couldn't be window's habbit of starting unknown executables from mass storage devices...
so an employee at an anti-malware company gets a new phone and is greeted by malware once it is plugged into a computer? i call bullsh!t on that one. i wouldnt even report that without hard proof, otherwise it is just free advertising for the company
"good thing it's discontinued"
Aren't 90% of phones out there discontinued?
In Japan the phone is being sold under the name HTC-03A by NTT Docomo, and it hasn't become discontinued yet (docomo's product page is at http://www.nttdocomo.co.jp/product/foma/pro/ht03a/). Perhaps they'll have to release a clean copy of the OS?
Does anyone know how the APp approval process goes for Android Marketplace? Is there an evaluation phase for the apps? The one thing that worries me about multi-tasking is that it could allow background apps to "listen" in on me and send my data elsewhere. or am I just being overly paranoid.
@Dchu220 When you install an app it tells you which services the app requires or uses such as full internet access or access to your contact list. If you don't trust the app, you shouldn't install it first of all, but you can review the list of services and click cancel.
@DrJeckyl
Thanks for the reply. I played around with my friend's G1 but haven't touched an Android since. It's good to know that they do have some safety measures in place.
its been a while since i heard of the cornfucker, i mean, conficker worm.
This can happen with any usb peripheral, with thumb drives being the most common.
After apple is done with HTC their phones will be even worse .
Only hitler would own a phone that says. "I pwned joo"
OK, as I posted on the Panda website, the phone does not have malware installed. The Android OS uses the YAFFS2 file system that is not mountable in Windows operating systems. When you plug an Android phone into a Windows machine you get the inserted SD card. THAT is where these things are being stored in this particular case. It'll most likely be whoever is contracted to provide the cards that is to blame here.
What a lucky coincidence.