New Android Threat
Symantec security response has posted a write-up about a new Android threat, Android.Claco (also known as SuperClean) that poses new challenges to security teams in a world of BYOD. You can read about the threat here: http://www.symantec.com/security_response/writeup.jsp?docid=2013-020415-5600-99, it is a typical piece of Android Malware in that it will send contact lists, images, etc. to a command and control server. But it adds a new layer of maliciousness by downloading autorun.inf, folder.ico, and svchosts.exe to the phone.
In effect, SuperClean turns any Android phone into the equivalent of a compromised thumb drive. This means any employee who brings their Android phone into the office and plugs it into their computer to recharge could compromise their entire network. While we have seen malware that moves from PC to phone, this is the first time that we have seen malware that jumps from phone to PC. But this method is remarkably simple so I would expect to see it repeated in other malware.
The easiest was to ensure this threat does not spread from BOYDs to your network is to ensure that autorun is disabled across the network, on both PCs and Servers. You can improve security even further by restricting the USB devices that are allowed on your network to only those from an approved vendor (or vendors). Finally, encourage all employees to run security software on their mobile devices, it will protect them but it could also protect your network.