Microsoft engineer exposes international Android spam botnet

By Lee Kaelin on July 5, 2012, 7:30 AM

Update (7/6): Researchers at Sophos are backtracking their previous claims, saying they're not so sure anymore about the source of the spam and if Android devices are indeed involved.

An anti-spam engineer working for Microsoft has exposed on his MSDN Cyber Security Blog an international botnet controlling Android devices that is being used to send spam on an industrial scale. Terry Zink found that all of the spam originated from Yahoo's mail servers, taking advantage of compromised Yahoo accounts.

Interestingly, during further investigations he found that the footer of every spam message contained "Sent from Yahoo! Mail on Android," and due to Yahoo's practice of stamping the IPs used when connecting to the service he was able to trace them.

"Luckily, Yahoo stamps the IP address in the headers of where the device connected to its service.  I looked up where the IPs are geo-located: Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela," he wrote in his blog post.

Zink believes this latest security issue is the result of a new piece of malware that targets Yahoo Mail accounts on Android devices, which once compromised are used to send spam messages.

"I am betting that the users of those phones downloaded some malicious Android app in order to avoid paying for a legitimate version and they got more than they bargained for," wrote Zink. "Either that or they acquired a rogue Yahoo Mail app."

Reports of malware have increased for Google's Android mobile OS along with its rise in popularity. There have been several separate reports this year alone, including the first ever-reported Android browser-based malware in May known as "NotCompatible", which propagated via Android's own built in browser. Fortunately, for those infected it didn't appear to do anything malicious and still required permission to install.

While Android users are free to download apps from anywhere via a process known as sideloading, it's always best practice to download apps and other content via the Google Play (previously Android Marketplace) store rather than risk installing unverified software on your devices. This serves as another reminder of the pitfalls you can encounter by installing apps from untrusted sources.

User Comments: 9

Got something to say? Post a comment
1 person liked this | Opus Opus said:

These botnets achieve nothing but the annoyance of users. Probably ignorant users fall into the trap but awareness is on the rise. Take out these annoying botnets.

Guest said:

More like get rid of side loading.

Guest said:

Yeh get rid of side loading... Are you on crack?

tranceporter tranceporter said:

walled garden sounding better all the time

Guest said:

God-forbid you got rid of sideloading. How would the Google hoards who can't live without tricking-out their Android cream in their pants? Such rebels.

Tygerstrike said:

Its easy, dont download anything thats not from Google Play. Everytime someone jailbreaks thier phone or does sideloading there is a risk of infection. I know of several ppl who got a brand new Android phone, decided to jailbreak them and voided all warrenties, including the manufacture warrenty. And ended up getting malware that drained one guys bank account.

So its a risk you take. Sometimes using a phone like its intended is cheaper on your wallet in the long run.

Jay Pfoutz Jay Pfoutz, Malware Helper, said:

Just seems like it happens everyday: new botnet appears. It's one of the security risks that are getting tough to handle.

Guest said:

When people keep installing stuff from sources they have no idea of, that tends to happen.

It's so easy to scan your files with even a free av app before actually installing anything. I've never actually done this myself but people who are "noobs", as most are, really should.

Guest said:

Oh yeah, always the obvious conclusion: it's sideloading that's the problem, just remove it! Except that with Android you still have a nice thing called "choice": No one forces you to get anything from outside the store (and, by default, you can't). But if you do find something elsewhere and the source seems trustworthy enough to you, you are free to install it. It will most of the time be a great and useful piece of software, it may sometimes turn out to be malware. That's a risk you just have to take.

With Apple and Microsoft, you trade freedom for promised security (doesn't this sound familiar somehow?).

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.