Security researchers recently unveiled findings about malware that came preinstalled on a Vodafone mobile phone handset. Its memory card was also believed to carry malware. A leading mobile telecommunications company, Vodafone, has been taking the heat for packing malware straight out of the box on their HTC Magic Android smartphones. The recipient of one of the malware-laden phones was, fortunately, an employee of the Spanish antivirus firm, Panda Security. Plugging the phone in via USB into any PC quickly led to an infection by WORM_SILLY.QT. Vodafone has already released an official statement saying that the infected phone problem was an isolated one.

Trend Micro advanced threats researcher Ryan Flores believes it is likely that a computer in Vodafone’s production line has been infected by WORM_SILLY.QT. And because of the worm’s capability to propagate through removable drives, somehow SD cards in a certain batch of smartphones were infected.

This is a perfect example of one of the many threats presented in Trend Micro’s Future of Threats and Threat Technologies report.

While it may be a rare occurrence for the mobile giant, Vodafone, this type of off-the-shelf malware has already made one too many appearances mainly due to the common practice of syncing phone and music devices to one’s PC. Here is a rundown of past off-the-shelf malware reports:

• Digital Photo Frames Frameup?
• Out of the Factory, into the USB
• Get Your IPOD Now—And Get a Free Worm!
• McDonald’s Japan Recalls Promotional MP3 Players

Trend Micro™ Smart Protection Network™ protects product users from this threat by detecting and preventing the file’s execution on affected systems via the file reputation service.

Update as of March 23, 2010, 3:26 p.m. (GMT +8:00):

The Register reports that Vodafone Spain admitted to supplying 3,000 HTC Magic smartphones with preinstalled malware. This admission proves that it was not an isolated incident as was previously reported.

Researchers from Microsoft recently unearthed exploits targeting the CVE-2010-0188 vulnerability.

On February 16, Adobe released a security advisory describing a vulnerability in Adobe Reader and Acrobat 8.X and 9.X. Once the vulnerability is exploited, attackers gain the capability to perform denial-of-service (DoS) attacks on affected systems. Doing so can cause applications and even systems to crash. Attackers can also execute arbitrary code on affected systems.

Trend Micro detects the exploit binary as TROJ_PIDIEF.EXP, a specially crafted .PDF file. It belongs to a family of known exploits that target Adobe Acrobat and Reader vulnerabilities. This family is also capable of dropping other malicious files such as spyware and backdoors onto affected systems.

Users are advised to update to the latest versions of the aforementioned Adobe products to secure their systems from attacks related to this vulnerability.

Trend Micro™ Smart Protection Network™ protects product users from this threat by detecting and executing the malicious file via the file reputation service.