
Microsoft engineer exposes international Android spam botnet


On July 5, 2012, 7:30 AM

Update (7/6): Researchers at Sophos are backtracking on their previous claims, saying they are no longer sure about the source of the spam or whether Android devices are indeed involved.

An anti-spam engineer working for Microsoft has exposed on his MSDN Cyber Security Blog an international botnet controlling Android devices that is being used to send spam on an industrial scale. Terry Zink found that all of the spam originated from Yahoo's mail servers, taking advantage of compromised Yahoo accounts.

Interestingly, during further investigation he found that the footer of every spam message contained "Sent from Yahoo! Mail on Android," and because Yahoo stamps the IP addresses used when connecting to the service, he was able to trace them.

"Luckily, Yahoo stamps the IP address in the headers of where the device connected to its service. I looked up where the IPs are geo-located: Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela," he wrote in his blog post.
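A defender's version of the triage described here, as an added example that is not from the article or from Zink's post: it selects messages carrying the quoted footer and tallies the bracketed IP found in the earliest Received hop. The header layout, hostnames and addresses are constructed assumptions; the article says only that Yahoo stamps the connecting IP in the headers.

```python
import email
import ipaddress
import re
from collections import Counter

FOOTER = "Sent from Yahoo! Mail on Android"  # footer quoted in the article
BRACKETED = re.compile(r"\[([0-9a-fA-F:.]+)\]")


def sample(ip_hop, footer=True):
    """Build one constructed message (assumed header layout, example hosts)."""
    hdr = "Received: from mx.example.net by filter.example.org\r\n"
    if ip_hop:
        hdr += f"Received: from [{ip_hop}] by web.mail.example via HTTP\r\n"
    body = "Cheap pills\r\n" + (FOOTER + "\r\n" if footer else "")
    return hdr + "From: user@example.com\r\nSubject: offer\r\n\r\n" + body


# Constructed inputs; addresses come from the documentation ranges.
SAMPLES = [sample("203.0.113.7"), sample("203.0.113.7"),
           sample("198.51.100.23"), sample("192.0.2.9", footer=False),
           sample(None)]


def body_text(msg):
    """Concatenate the decoded text/plain parts of a message."""
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    return "\n".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                     for p in parts)


def origin_ip(msg):
    """Return the bracketed IP from the earliest Received hop that has one."""
    for hop in reversed(msg.get_all("Received") or []):  # last header = first hop
        for candidate in BRACKETED.findall(hop):
            try:
                return str(ipaddress.ip_address(candidate))
            except ValueError:
                continue  # bracketed text that is not an IP address
    return None


def tally(raw_messages):
    """Count footer-bearing messages per origin IP; also count untraceable ones."""
    counts, untraceable = Counter(), 0
    for raw in raw_messages:
        msg = email.message_from_string(raw)
        if FOOTER not in body_text(msg):
            continue
        ip = origin_ip(msg)
        if ip is None:
            untraceable += 1
        else:
            counts[ip] += 1
    return counts, untraceable
```

Received lines below the first hop you control are supplied by the sender, so the tally is a lead to corroborate rather than proof of origin.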

Zink believes this latest security issue is the result of a new piece of malware that targets Yahoo Mail accounts on Android devices, which, once compromised, are used to send spam messages.

"I am betting that the users of those phones downloaded some malicious Android app in order to avoid paying for a legitimate version and they got more than they bargained for," wrote Zink. "Either that or they acquired a rogue Yahoo Mail app."

Reports of malware have increased for Google's Android mobile OS along with its rise in popularity. There have been several separate reports this year alone, including the first-ever reported Android browser-based malware in May, known as "NotCompatible", which propagated via Android's own built-in browser. Fortunately for those infected, it didn't appear to do anything malicious and still required permission to install.

While Android users are free to download apps from anywhere via a process known as sideloading, it's always best practice to download apps and other content via the Google Play (previously Android Marketplace) store rather than risk installing unverified software on your devices. This serves as another reminder of the pitfalls you can encounter by installing apps from untrusted sources.



User Comments: 9

  1. These botnets achieve nothing but the annoyance of users. Probably ignorant users fall into the trap but awareness is on the rise. Take out these annoying botnets.

  2. More like get rid of side loading.

  3. Yeh get rid of side loading... Are you on crack?

  4. walled garden sounding better all the time

  5. God forbid you got rid of sideloading. How would the Google hordes who can't live without tricking-out their Android cream in their pants? Such rebels.

  6. It's easy, don't download anything that's not from Google Play. Every time someone jailbreaks their phone or does sideloading there is a risk of infection. I know of several ppl who got a brand new Android phone, decided to jailbreak them and voided all warranties, including the manufacturer warranty. And ended up getting malware that drained one guy's bank account.

    So it's a risk you take. Sometimes using a phone like it's intended is cheaper on your wallet in the long run.

  7. Just seems like it happens everyday: new botnet appears. It's one of the security risks that are getting tough to handle.

  8. When people keep installing stuff from sources they have no idea of, that tends to happen.

    It's so easy to scan your files with even a free av app before actually installing anything. I've never actually done this myself but people who are "noobs", as most are, really should.

  9. Oh yeah, always the obvious conclusion: it's sideloading that's the problem, just remove it! Except that with Android you still have a nice thing called "choice": No one forces you to get anything from outside the store (and, by default, you can't). But if you do find something elsewhere and the source seems trustworthy enough to you, you are free to install it. It will most of the time be a great and useful piece of software, it may sometimes turn out to be malware. That's a risk you just have to take.

    With Apple and Microsoft, you trade freedom for promised security (doesn't this sound familiar somehow?).
