Shipping smartphones with infected microSD cards seem to be common practice as of late, with Samsung serving as the latest manufacturer to ship infected devices. Although deemed accidental, the company packaged its first-run batch of Samsung S8500 Wave smartphones with the Win32/Heur trojan embedded in slmsrv.exe. This Windows-based application is accompanied by an Autorun file located in the root of the memory card which launches when the device is connected to the user's PC (and Autorun is enabled).
"I recently received a S8500 Wave test unit from our contacts in Seoul, and the microSD card was infected," reports this user. "A quick search of the internet for "slmvsrv.exe samsung wave" turns up two postings on German discussion forum sites (Telefon-Treff and Handy-FAQ) that confirm what I have personally seen. It is worth noting that my Wave was made for the German market."
After reporting the problem to Samsung, the company confirmed that the infection only resided on microSD cards mounted in the initial run of German market Wave devices. However, as previously mentioned, it stands to question how these cards become infected in the first place, especially new models. In March we witnessed the release of over 3000 infected HTC Magic smartphones in Spain. The devices were loaded with the Mariposa and other strains of malware. Is an epidemic starting to take place?
As for the current Samsung Wave infection, it's believed that the microSD cards were compromised in the first half of May, weeks before the phones were shipped overseas. Typically PC's infected with Win32/Heur will transmit the executable and Autorun file when any memory card or USB storage device is attached.