Add to del.icio.us     Digg this

Mar. 19, 2010

Vodafone's Spain Division says that up to 4,000 HTC Magic customers could be affected by malware-infected smartphones one week after it called the problem an isolated incident.

The wireless carrier linked the virus and the malware to a batch of memory cards.

Vodafone said the memory cards were infected with the Mariposa botnet, which affected over 12.7 million personal computers and stole private credit card and various banking information before Spanish police arrested the alleged ringleaders of the scam on March 4.

A spokesman for Vodafone said the company was still investigating how the memory cards got infected.

"This is an incident in Spain, not an issue of HTC or Android," he said.

Vodafone has identified mobile customers who received the infected phones and is in the process of distributing replacement memory cards for the devices.

Reports of mobile handsets infected with the Mariposa botnet surfaced after employees at two Spanish information technology security companies, Panda Labs and S21-Sec, scanned their new HTC Magic handsets and discovered that they had been infected with malware and virusses.

Both the infected devices had been purchased directly from Vodafone, prompting the labs to speculate that the problem lay in the quality-assurance process on the carrier's refurbished phones.

In addition to the Mariposa botnet, Panda Labs discovered the Confiker worm and the Lineage password-stealing virus had been loaded onto the HTC Magic's memory card.

Vodafone says the HTC Magic is on its way out, although it has not yet given a formal discontinuation date for the device.

Although news of its decision came out shortly after reports that the devices were infected with malware, the wireless carrier said the handset was being cut because it was one of its longest-running handsets.

Spanish authorities also discovered the identity of the 31-year-old suspect, who used the alias "hamlet1917," and made the arrest in the town of Balmaseda, in Vizcaya province.

A search of all the computers found there led to the other two suspects, the statement said.

By December 2009, investigators had identified practically all of the control channels for the pirated computer network and "proceeded in a coordinated way internationally to block the domains that were being used," the statement said.

The domains were mainly in two U.S. and one Spanish service providers.

In a counterattack, the suspects (probably as an act of revenge) carried out a cyberattack against the Canadian firm investigating them. The attack seriously affected its Internet service provider and left numerous clients without any connection, including Canadian universities and government offices, the statement said.

However, that counterattack also allowed criminal investigators to determine the rest of the control channels for the alleged scheme, which were finally blocked as well, except for a few servers that controlled a relatively smaller number of PCs.

The hackers were to appear before Judge Garzon at Spain's National Court in Madrid because of the broad implications of the virus-infected computers, the statement said.

Authorities in Spain are also investigating whether a fourth suspect, possibly a Venezuelan national, might also be involved, police in Madrid said.

Add to del.icio.us     Digg this

Source: Vodafone.