Vodafone Spain has provided a pre-infected smartphone to a researcher at S21Sec, one week after a similar incident in which the company provided an infected smartphone to a researcher at Panda Security. The smartphones are infected with the Mariposa botnet client and other malware.
Both of the smartphones were order at approximately the same time, according to The Register. When the incident with Panda Security occurred, Vodafone claimed that it was an isolated incident. The infection was detected by a researcher at S21Sec, who forwarded it to Panda Security for analysis.
Pedro Bustamante, of PandaLabs, conducted the analysis.
“According to the dates of the files, it seems his Vodafone HTC Magic was loaded with the Mariposa bot client on March 1st, 2010 at 19:07, a little over a week before the phone was delivered to him directly from Vodafone,” Bustamante wrote. “The Mariposa botnet client itself is exactly the same as reported last week, with the same nickname and same Command & Control servers.”