Skip to main content

Samsung Wave Comes Packed with Trojan

Shipping smartphones with infected microSD cards seem to be common practice as of late, with Samsung serving as the latest manufacturer to ship infected devices. Although deemed accidental, the company packaged its first-run batch of Samsung S8500 Wave smartphones with the Win32/Heur trojan embedded in slmsrv.exe. This Windows-based application is accompanied by an Autorun file located in the root of the memory card which launches when the device is connected to the user's PC (and Autorun is enabled).

"I recently received a S8500 Wave test unit from our contacts in Seoul, and the microSD card was infected," reports this user. "A quick search of the internet for "slmvsrv.exe samsung wave" turns up two postings on German discussion forum sites (Telefon-Treff and Handy-FAQ) that confirm what I have personally seen. It is worth noting that my Wave was made for the German market."

After reporting the problem to Samsung, the company confirmed that the infection only resided on microSD cards mounted in the initial run of German market Wave devices. However, as previously mentioned, it stands to question how these cards become infected in the first place, especially new models. In March we witnessed the release of over 3000 infected HTC Magic smartphones in Spain. The devices were loaded with the Mariposa and other strains of malware. Is an epidemic starting to take place?

As for the current Samsung Wave infection, it's believed that the microSD cards were compromised in the first half of May, weeks before the phones were shipped overseas. Typically PC's infected with Win32/Heur will transmit the executable and Autorun file when any memory card or USB storage device is attached.

  • jhansonxi
    A Windows virus on the microSD card for a non-Windows phone is unlikely to occur unintentionally. This leaves the question - stupidity or conspiracy?
    Reply
  • tokenz
    Nice Samsung. I think you should do something for those customers.
    Reply
  • Nakal
    Is the phone REALLY that sexy? :p
    Reply
  • ordcestus
    i'll bet this happened because of an employee. how does a virus accidently get on all these devices?
    Reply
  • shloader
    I vote for stupidity and sheer laziness. Cards are probably loaded from a computer running Windows SP2 with an out-of-date copy of AVG on it. The IT guy at my work it a bit of a Mac slinging douche with no intentions of upgrading our computers from SP2 with IE6. This happens everywhere and it usually takes an issue like this to kick an IT department into action.
    Reply
  • jaysbob
    as annoying as it is I'm always fascinated by how much like life viruses have become. they manufacture computers in clean rooms to keep out dust and bugs and the like. soon their going to have to start using "digital" clean rooms to keep unwanted viruses out of software.
    Reply
  • omikron48
    That's why the first thing you do after installing a fresh copy of Windows is disable the autorun feature.
    Reply
  • Arethel
    jaysbobas annoying as it is I'm always fascinated by how much like life viruses have become. they manufacture computers in clean rooms to keep out dust and bugs and the like. soon their going to have to start using "digital" clean rooms to keep unwanted viruses out of software.
    They should already be doing this...

    All of my IT/IS testing environments are sterile. I wouldn't dare create any deployments in a compromised setting. That's just asking to get fired/sued.
    Reply
  • 4ILY45
    omikron48That's why the first thing you do after installing a fresh copy of Windows is disable the autorun feature.
    or one can just download a Panda USB vaccine..

    http://www.pandasecurity.com/homeusers/downloads/usbvaccine/
    Reply
  • omikron48
    Does Panda USB Vaccine prevent autorun from triggering from the system drive?
    Reply