NEWS FROM THE LAB - Wednesday, June 2, 2010

Samsung Wave Autorun.inf Posted by Sean @ 13:50 GMT

Samsung WaveMore and more mobile phones are shipping with Windows installation files on microSD cards rather than on CD-ROMs. All that's needed to sync your phone with your PC is to connect the phone, detect it as a removable USB drive, and then run the installer. Many phone vendors also include an autorun.inf file to assist the process.

Unfortunately, autorun.inf files can be infected during the production process, and microSD cards aren't read-only.

Engadget is reporting that at least some German models of Samsung's Wave, a Linux based "iPhone killer", are shipping with an infected autorun.inf and a file called slmvsrv.exe.

The file's MD5 is bb9818d76fe60e68608e2a1e7bc6666b and we detect it as Trojan.Generic.3932466. We have telemetry indicating this is in the wild (but quite limited).

This is yet another example of infected devices which will spread to your computer.