If you don't know, the P3GO is a very advanced device compared to most other jailbreaks. It acts as a USB memory when connected to a computer so you can place pkg-files and such there.
It is when inserting the device to your computer that the trojan hits.
The trojan is then trying to upload your passwords and banking information to a remote server. It also makes the computer copy the virus to all other USB-devices inserted to the computer from thereon, and thats how the trojan spreads.
[...] the autorun-file was created on the 11th of November, just a couple of days before the device got shipped to me. This is most likely the date the device got infected, but it is impossible to know if this device actually was infected directly from the manufacturer or after that.
[...] the retail packaging isn't sealed, so it's easy to get the device out, use it and place it back again with nobody noticing[/p]
Not that surprising that a company dealing in products like this wouldn't bother virus-scanning the system they set them up on, but something like this is trivial to find and prevent...