Customer greeted with malware on Vodafone-issued HTC Magic (good thing it's discontinued)

Crapware's bad enough, but having your life torn asunder simply by plugging in that shiny new (insert USB-connected device here) is an exciting new trend -- viruses find their way into the darnedest places, don't they? It seems an employee at anti-malware firm Panda Research who'd ordered a new Magic off Vodafone UK's site was greeted with no fewer than three nefarious executables upon plugging the device into her PC: a bot client, a password stealer, and a Conficker variant, and running a network sniffer quickly confirmed that the virii were live and ready to do harm as soon as the autorun in the Magic's mounted mass storage was executed on her Windows machine. If this were a widespread issue, we'd certainly have heard about it in other places, so odds are good (as Panda points out) that this was simply a case of HTC or Vodafone doing an awful job of wiping a refurbished set -- but it gives you pause and kind of makes you wish you worked for an anti-malware firm, at least on days when you're plugging in a new phone for the first time. The silver lining, we suppose, is that Vodafone has recently discontinued the Magic, though that creates another problem: the only Android device it currently stocks now is the lowly Tattoo, so the X10 and Nexus One can't come soon enough.