
SANS ISC InfoSec Handlers Diary Blog



Vodafone Android Phone: Complete with Mariposa Malware

Published: 2010-03-09
Last Updated: 2010-03-09 14:20:25 UTC
by John Bambenek (Version: 1)
4 comment(s)

Panda Security has a post up about one of their employees buying a brand new Android phone from Vodafone and discovering it was spreading Mariposa. The malware didn't infect the phone proper, but the phone did carry autoexec.inf and autoexec.bat files designed to infect whatever Windows machine it was plugged into via USB cable. Unlike the Energizer story from yesterday, this one is happening now. Standard USB defenses apply: don't automatically execute autoexec.bat/inf files from USB devices. This Microsoft KB article discusses how to disable the "Autoplay" functionality that leads to this problem.
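
An added example, not from the original diary or from Panda Security: a read-only check that lists what the `[autorun]` section of any `.inf` file in a mounted volume's root would launch, so a device can be inspected before it is trusted. The sample file contents and file names are constructed, and the launch keys checked (`open`, `shellexecute`, `shell\...\command`) are the standard AutoRun entries.

```python
import os
import tempfile

# Keys in an [autorun] section that make Windows launch something.
LAUNCH_KEYS = ("open", "shellexecute")

def parse_autorun(text):
    """Return (key, command) pairs from the [autorun] section of INF text.

    Tolerant by design: junk lines, odd casing and padding are skipped
    instead of raising, because hostile files are often stuffed with garbage.
    """
    found, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower().replace(" ", "") == "[autorun]"
            continue
        if not in_section or line.startswith(";") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or verb:
            found.append((key, value.strip()))
    return found

def scan_volume(root):
    """Read every .inf in the volume root; nothing is executed."""
    report = {}
    for name in sorted(os.listdir(root)):
        path = os.path.join(root, name)
        if name.lower().endswith(".inf") and os.path.isfile(path):
            with open(path, "r", encoding="latin-1") as fh:
                hits = parse_autorun(fh.read())
            if hits:
                report[name] = hits
    return report

def demo():
    # Constructed sample: a fake volume root holding one padded INF file.
    sample = ("jUnK 1234\n[AutoRun]\n;pad\nOPEN = setup_sample.exe\n"
              "icon=x.ico\nshell\\open\\Command=setup_sample.exe\n"
              "[other]\nopen=ignored.exe\n")
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "autorun.inf"), "w") as fh:
            fh.write(sample)
        open(os.path.join(root, "readme.txt"), "w").close()
        return scan_volume(root)
```

Point `scan_volume` at the mount point of the device on a machine that does not act on AutoRun; an empty result means no `.inf` in the root declares a launch command.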

This leads to an interesting question: why not just infect the phones? The technology is certainly there to write malware that is phone specific. We likely won't see mass infection of phones (or even better, a cell-phone botnet) until commerce is much more common on phones. Malware is driven by the desire for profit, and once it becomes profitable, we'll see exploitation. The problem is that these slimmed-down devices make it difficult to configure security in. Only a few cell phone types even have the option of cell phone antivirus software. The clock is ticking on that threat.

--
John Bambenek
bambenek at gmail /dot/ com
