An addition to the roster of digital devices that have been shipped with malware, Samsung, too, seems to have accidentally distributed malware along with the new Bada-powered Samsung S8500 Wave smartphone.
It has been reported that the 1GB micro-SD cards included with the mobile phone units shipped to Germany came preinstalled with Windows-based malware. It attempts to infect users’ PCs with the file slmvsrv.exe once connected to the smartphone. It arrives on users’ systems via the infected micro-SD card.
Trend Micro detects this malicious file as WORN_AUTORUN.WAV, which connects to various websites to possibly download even more malicious files. It may also expose users to backdoor programs and spyware.
According to TrendLabsSM engineer Karl Dominguez, it is easy to identify the malware in removable drives or, in this case, the micro-SD. However, the difficult part is removing it from the affected system because of its rootkit capabilities. It also disables booting in Safe Mode, thus, making it harder to remove the malware.
To address the infected AUTORUN.INF, users are advised to disable the autorun functionality in Windows. It is also important for them to secure their systems by protecting their removable drives. Users can also pick up some countermeasures in our blog entry “How to Maximize the Malware Protection of Your Removable Drives.”
Though the malware-laden 1GB memory cards were only limited to the initial German production run, this incident should nonetheless serve as a cautionary tale for smartphone users. It is similar to the off-the-shelf Vodafone incident that happened a few months ago.
Trend Micro™ Smart Protection Network™ protects product users from WORN_AUTORUN.WAV by detecting and preventing the file’s execution on affected systems via the file reputation service.