


“Float like a butterfly,…

… sting like a bee.” – Muhammad Ali

An employee at Spanish antivirus firm Panda Security reported finding malware on a new Android-based Vodafone HTC Magic phone that the employee had received. The malware was related to the Mariposa (Spanish for “butterfly”) botnet. (Mariposa is also a census-designated place in California that was an historic mining camp and now sits near a gateway, along the Merced River, to Yosemite Valley (1) [where the photo of the Western Tiger Swallowtail butterfly above was taken].)

The Register published a statement from Vodafone that said Vodafone is investigating the matter. “Following extensive quality assurance testing on HTC Magic handsets in several of our operating companies, early indications are that this was an isolated local incident,” the statement said.

According to Panda, the Spanish arm of Vodafone supplied an HTC Magic smartphone preloaded with malware that attempted to establish a backdoor for stealing information on connected PCs during the synchronization process. According to Panda Security researcher Pedro Bustamante:

“A quick analysis of the malware reveals that it is in fact a Mariposa bot client,” Bustamante explained. “This one, unlike the one announced last week which was run by Spanish hacker group ‘DDP Team’, is run by some guy named ‘tnls’ as the botnet-control mechanism shows.

“Once infected you can see the malware ‘phoning home’ to receive further instructions, probably to steal all of the user’s credentials and send them to the malware writer,” he added.

Panda reported that the phone was also infected with Conficker (1, 2, 3) and a Lineage password-stealing code.

A March 2 article by Elinor Mills of CNET had additional details about the Mariposa botnet:

“Authorities in Spain have arrested three men accused of operating a massive botnet composed of 12.7 million PCs that stole credit card and bank log-in data and infected computers in half of the Fortune 1,000 companies and more than 40 banks, according to published reports.”

The Mariposa botnet first appeared in December 2008 and grew to be one of the largest botnets ever, according to The Associated Press.

The Butterfly worm, which targets Windows XP and older systems, spreads by removable drives, MSN Messenger, and peer-to-peer programs. See these two (1, 2) YouTube videos from Concordia Institute for Information Systems Engineering (in both English and French) about the Mariposa Worm and botnet.

Thanks, Elinor, for answering my question – yes, apparently all 12.7 million infected computers were running Windows. :-) ‘Nuff said.

Elinor also noted today that Microsoft informed us of a NEW zero-day hole in Internet Explorer 6 and 7. (Note added March 12, 2010: Israeli researcher Moshe Ben Abu released exploit code for the vulnerability, and Microsoft is racing to fix the IE hole.)

-Bill at

Cheshire Cat Photo™ – “Your Guide to California’s Wonderland™”


©2010 William F. Hackett. All Rights Reserved.
