Google Disputes Claim of Android Botnet

Google is disputing statements from researchers at Microsoft and Sophos who this week warned that Android devices were sending spam through compromised Yahoo Mail accounts. In response, both now say they are further investigating their earlier claims.

The idea of an international Android botnet leveraging the mobile operating system was first publicized earlier this week by Microsoft engineer Terry Zink in a blog post. He believed a new type of malware was accessing Yahoo Mail accounts on Android devices to send spam messages. He also determined from the originating IP addresses that the spam was coming from Asia, Eastern Europe, South America and the Middle East.

Chester Wisniewski, a Sophos Canada senior security engineer, also posted about the malware today. “The messages appear to originate from compromised Google Android smartphones or tablets. All of the samples at SophosLabs have been sent through Yahoo!’s free mail service and contain correct headers and DKIM signatures,” he wrote. He believed Android users became infected by downloading pirated copies of paid Android apps that contained the Trojan.

As media outlets and bloggers began reporting on the Android botnet, Google issued a statement saying evidence did not support the researchers’ findings. “Our analysis suggests that spammers are using infected computers and a fake mobile signature to try to bypass anti-spam mechanisms in the email platform they’re using,” the company said.

This led Zink to admit that the spam headers could have been spoofed so that the messages appeared to come from Android devices instead of a more conventional source. Or not.

“Yes, it’s entirely possible that bot on a compromised PC connected to Yahoo Mail, inserted the the [sic] message-ID thus overriding Yahoo’s own Message-IDs and added the ‘Yahoo Mail for Android’ tagline at the bottom of the message all in an elaborate deception to make it look like the spam was coming from Android devices,” he wrote.

“On the other hand, the other possibility is that Android malware has become much more prevalent and because of its ubiquity, there is sufficient motivation for spammers to abuse the platform. The reason these messages appear to come from Android devices is because they did come from Android devices.”

Similarly, Sophos’ Wisniewski told The Wall Street Journal today he is rechecking his findings to confirm whether the spam uses a faked signature or is actually coming from Android devices.

Google said in its statement that it also is continuing to investigate the details.
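
An added triage sketch, not code from the article or from any of the vendors quoted: it pulls the two Android indicators discussed above (the Message-ID token and the tagline) out of a message and reports them beside what the DKIM signature and the provider's Received line actually record. The sample message is constructed, with only the Message-ID value taken from the reader comment on this page, and the function names are hypothetical.

```python
import re
from email import message_from_string
# Constructed sample. Only the Message-ID value comes from the reader comment on
# this page; the IP, Received line, addresses and DKIM fields are placeholders.
SAMPLE = """\
Received: from [203.0.113.7] by web122101.mail.ne1.yahoo.com via HTTP
DKIM-Signature: v=1; a=rsa-sha256; d=yahoo.com; s=PLACEHOLDER;
 h=Message-ID:Date:From:Subject; bh=PLACEHOLDER; b=PLACEHOLDER
Message-ID: <1341501279.59178.androidMobile@web122101.mail.ne1.yahoo.com>
From: sender@example.com
Subject: hello

Here's the page: http://example.com/
Sent from Yahoo! Mail on Android
"""

def device_claims(msg):
    """Return the two Android indicators the article names, if present."""
    claims = {}
    m = re.match(r"<\d+\.\d+\.(\w+)@", msg.get("Message-ID", ""))
    if m:
        claims["message_id_token"] = m.group(1)
    body = "" if msg.is_multipart() else msg.get_payload()
    lines = body.strip().splitlines()
    if lines and re.fullmatch(r"Sent from .+ on Android", lines[-1].strip()):
        claims["tagline"] = lines[-1].strip()
    return claims

def dkim_scope(msg):
    """Return (signing domain, lower-cased list of headers the signature covers)."""
    parts = msg.get("DKIM-Signature", "").split(";")
    tags = dict(p.strip().split("=", 1) for p in parts if "=" in p)
    signed = [h.strip().lower() for h in tags.get("h", "").split(":") if h.strip()]
    return tags.get("d"), signed

def submitting_ip(msg):
    """Client IP from the earliest Received line (the last one in the header block)."""
    received = msg.get_all("Received", [])
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[-1]) if received else None
    return m.group(1) if m else None

def triage(raw):
    msg = message_from_string(raw)
    domain, signed = dkim_scope(msg)
    # A DKIM pass ties the signed headers and body to the signing domain's key.
    # It shows what the provider accepted and relayed, not which device wrote it.
    return {"device_claims": device_claims(msg), "dkim_domain": domain,
            "message_id_signed": "message-id" in signed,
            "submitting_ip": submitting_ip(msg)}
```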


Discussion

  • Anonymous on

    Why would Microsoft go public on this without first sharing details with Google?  I thought they had a whole department dedicated to outreach and third party coordination. 

  • Anonymous on

    Because MS hate Google with a passion and will jump on anything that is anti-Google?

  • Anonymous on

    This is what I am seeing. The body will have a hyperlink in them. Are they spoofing the android mobile?

     

    X-Mailer: YahooMailWebService/0.8.120.356233

    Message-ID: <1341501279.59178.androidMobile@web122101.mail.ne1.yahoo.com>

    with bodies like this
     
    "Good Morning, so I was at school and began reading on FOX's county career testimonials early last saturday and then saw a brand new internet based opportunity where retired veterans constantly make up to $1600 /week+ so of course she didnt understand it for a while yet for some reason we really had to try something and I'm happy I did because I've managed to make $387.05 by my 2nd day working. It is seriously simple Ive already gotten paid once straight into my checking account! it's the best thing thats hapened to us in years..


    Here's the page: PBS Trys Out 2012's Trending Online Based Jobs mg3 I think virtually everybody that has computer access will be able to do the work which is why I am filling in all my new friends and those i care about. I'd like you to signup and make some profit your self you can also send this e-mail with everyone you know that needs more money so we can all eliminate the deep recession..

    Sent from Yahoo! Mail on Android
    "
