The malware that was found on a pair of Vodafone memory cards installed in HTC Magic handsets recently has in fact affected an entire batch of 3,000 memory cards, the company said.
Vodafone Spain said that the company's investigation into the incident found that a much larger number of cards was infected than just the two that had been brought to light by security researchers in the last two weeks. And the infected cards could have been distributed with handsets other than the HTC Magic, company spokesman Jose Romero said.
"Vodafone takes the security and quality of its products and services very seriously. After becoming aware of a security issue referred by a customer, Vodafone Spain has conducted an intensive investigation and considers that the cause could be a batch of infected memory cards. This is just a local incident in Spain. The customers that could be affected by this incident have been already identified and Vodafone Spain is sending them a new memory card. In addition, Vodafone Spain will provide these customers with tools to verify and fix the integrity of their devices," the company said.
The malware-infected memory cards first came to light last week when an employee of Panda Security in Spain bought an HTC Magic handset from Vodafone's Web site and later found that its microSD card contained the Mariposa bot client as well as other pieces of malware. A second microSD memory card in the same kind of handset was found to have the same infections earlier this week by S21sec, another Spanish security firm.
In both cases, Vodafone issued a statement saying that they believed the problem was an isolated incident that was related to phones that had been opened, refurbished, resealed and then sold as new.
The company spokesman said that the issue is not specific to the HTC Magic phones, and that other models could also have been distributed with the infected memory cards. He did not specify which other models could be affected.