Twice in the span of about a week, traces of the Mariposa botnot were found in SD cards of HTC Magic phones. Panda Security's PandaResearch blog has been following this story closely, reporting that the original report garnered a lot of attention, including that of an IT securty company. According to the blog:
This guy had also purchased an HTC Magic direct from Vodafone's official website the same week as my co-worker. He hadn't connected the phone to his PC yet, but as soon as he saw the news hurried back home, plugged it in via USB and scanned its memory card with both MalwareBytes and AVG Free. Lo and behold, Mariposa emerged again, exactly in the same way as in our original finding. ... According to the dates of the files, it seems his Vodafone HTC Magic was loaded with the Mariposa bot client on March 1st, 2010 at 19:07, a little over a week before the phone was delivered to him directly from Vodafone.
The HTC Magic is an Android-based smartphone, and it appears owners are taking the reports seriously. According to the Israeli-security company DroidSecurity, more than 10,000 new users downloaded security protection. While the virus seems to be benign on the phone itself, the problem, DroidSecurity pointed out, comes when the phone is hooked up to a computer:
Once a user plugs the smartphone into a PC using a USB connection, the malware immediately phones home to the malware writer, steals personal information and the system is converted to a bot. A Lineage password stealer was also found on the device. Specifically, the autorun.inf and autorun.exe files were infected.
HTC Magic's infection stands as yet another reminder for having solid smartphone security policies in place that would include plugging personal or unsecure smartphones into work-related computers.