Google denies Android botnet claim

Summary: After a Microsoft engineer claimed he discovered an Android botnet sending out spam on an international scale, Google has denied the allegations. It's still unclear, however, where the spam is coming from.


On Wednesday I wrote about how Microsoft engineer Terry Zink said he discovered Android devices were being used to send spam as part of an international Android spam botnet. Today, Google got in touch with me and denied Microsoft's claim.

"The evidence does not support the Android botnet claim," a Google spokesperson said in a statement. "Our analysis suggests that spammers are using infected computers and a fake mobile signature to try to bypass anti-spam mechanisms in the email platform they're using."

Zink explained how he found spam e-mails were being sent from compromised Yahoo accounts accessed by Android devices. He deduced this by looking at the e-mails' header information as well as noting the "Sent from Yahoo! Mail on Android" signature. The Microsoft engineer speculated a cybercriminal had developed a new piece of malware that can access Yahoo Mail accounts on Android devices, send spam messages from them, and had linked them together to create a spam botnet.

Security firm Sophos today also shared its findings on the spam e-mails in question:

The messages appear to originate from compromised Google Android smartphones or tablets. All of the samples at SophosLabs have been sent through Yahoo!'s free mail service and contain correct headers and SPF signatures.

Like Zink, Sophos concluded that it is "likely" Android users are downloading Trojanized pirated copies of paid Android apps. The security firm could not, however, prove that the attacks originated from Android devices. In a follow-up blog post on MSDN, the Microsoft engineer agreed that this could not be stated conclusively:

In comments of various blogs a lot of people have suggested that these headers are spoofed, or there was a botnet connecting to Yahoo Mail from a Windows PC and sent mail that way. Yes, it's entirely possible that a bot on a compromised PC connected to Yahoo Mail, inserted the message-ID thus overriding Yahoo's own Message-IDs and added the "Yahoo Mail for Android" tagline at the bottom of the message all in an elaborate deception to make it look like the spam was coming from Android devices.

Since Yahoo provides the originating IP address for its e-mails, it is possible to see where the spam is being sent from: Asia, Eastern Europe, the Middle East, and South America. The e-mails Zink got his hands on came from Chile, Indonesia, Lebanon, Oman, the Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela. The samples analyzed by Sophos originated from Argentina, Ukraine, Pakistan, Jordan, and Russia.
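The dispute above comes down to which header fields say anything about the sending device. The script below is an added example (not code from the article, Microsoft, Sophos or Google): it parses two constructed messages and separates the fields a submitting client chooses (From, Message-ID, the "Sent from Yahoo! Mail on Android" tagline) from the fields servers add on the way (Received, Received-SPF, the originating-IP header). The header name X-Originating-IP and all hosts and addresses are assumptions; an SPF pass only vouches for the relaying mail server, so the script never lets the tagline or Message-ID count as device evidence.

```python
"""Header triage for the question the article leaves open: do the messages
really come from Android devices?  Added example; the two messages below are
constructed, and the X-Originating-IP header name is assumed."""
import email
import ipaddress
import re
from email import policy
from email.message import EmailMessage

MOBILE_TAGLINE = "Sent from Yahoo! Mail on Android"

# Constructed sample 1: looks like a webmail submission from an Android client.
SAMPLE_TAGGED = """\
Received: from nm12.mail.example (nm12.mail.example [203.0.113.10]) by mx.receiver.example with ESMTP id ABC123
Received-SPF: pass (mx.receiver.example: domain of yahoo.com designates 203.0.113.10 as permitted sender)
X-Originating-IP: [192.0.2.44]
Message-ID: <1341000000.12345.YahooMailNeo@web12345.mail.example>
From: sender@yahoo.com
To: victim@receiver.example
Subject: hello

Buy now!

Sent from Yahoo! Mail on Android
"""

# Constructed sample 2: same tagline, but the Message-ID was generated by the
# submitting client rather than the webmail service.  Both forms are chosen by
# whatever software submitted the message, which is the point of the comparison.
SAMPLE_CLIENT_MID = """\
Received: from nm12.mail.example (nm12.mail.example [203.0.113.10]) by mx.receiver.example with ESMTP id DEF456
Received-SPF: pass (mx.receiver.example: domain of yahoo.com designates 203.0.113.10 as permitted sender)
X-Originating-IP: [192.0.2.99]
Message-ID: <20120705123456.0001@localhost.localdomain>
From: sender@yahoo.com
To: victim@receiver.example
Subject: hello

Buy now!

Sent from Yahoo! Mail on Android
"""

CLIENT_CONTROLLED = ("From", "Message-ID", "body tagline")
SERVER_ASSERTED = ("Received", "Received-SPF", "X-Originating-IP")


def parse(raw: str) -> EmailMessage:
    return email.message_from_string(raw, policy=policy.default)


def message_id_domain(msg: EmailMessage):
    """Right-hand side of the Message-ID, or None if absent or malformed."""
    match = re.search(r"@([^>\s]+)", str(msg.get("Message-ID", "")))
    return match.group(1).lower() if match else None


def originating_ip(msg: EmailMessage):
    """IP the webmail service recorded for the submitting client, validated."""
    raw = msg.get("X-Originating-IP")
    if raw is None:
        return None
    try:
        return str(ipaddress.ip_address(str(raw).strip("[] ")))
    except ValueError:
        return None


def spf_result(msg: EmailMessage):
    """First token of Received-SPF (pass/fail/softfail/...), or None."""
    hdr = msg.get("Received-SPF")
    return str(hdr).split()[0].lower() if hdr else None


def has_mobile_tagline(msg: EmailMessage) -> bool:
    body = msg.get_body(preferencelist=("plain",))
    return MOBILE_TAGLINE in (body.get_content() if body else "")


def triage(raw: str) -> dict:
    msg = parse(raw)
    result = {
        "spf": spf_result(msg),
        "originating_ip": originating_ip(msg),
        "message_id_domain": message_id_domain(msg),
        "mobile_tagline": has_mobile_tagline(msg),
    }
    # An SPF pass says the relaying MTA was authorised for the From domain;
    # it says nothing about which client (phone, PC, bot) submitted the mail.
    result["spf_confirms_device"] = False
    # Tagline and Message-ID are written by the submitting client, so matching
    # the "Android" pattern is not evidence of an Android device.
    result["device_attribution"] = "unsupported"
    # The originating IP is the one server-recorded fact about the submitter;
    # it supports a network-location view (the countries above) and no more.
    result["location_evidence"] = result["originating_ip"] is not None
    return result


if __name__ == "__main__":
    for name, sample in (("tagged", SAMPLE_TAGGED), ("client-mid", SAMPLE_CLIENT_MID)):
        print(name, triage(sample))
```

Run it as-is to see both messages triaged; feed it a real raw message (for example one saved from a mail client) and `originating_ip` tells you where to look next, while `device_attribution` stays "unsupported" regardless of how convincing the tagline looks.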

Even if you are not in any of these countries, please be careful. Android lets you download and install apps from anywhere. Please only install apps from Google Play unless you are absolutely certain you know who wrote the software you want to install.

I will keep you posted once I learn more as to whether the spam e-mails are coming from Android devices or if someone is simply making it look like they are.

  • Not sure either way but...

    I do not know if this is Android or not but there are usually two systems that can be counted on for spam... Yahoo mail and Hotmail! Those two services tend to serve up most of the spam I get anywhere.
    • Same here...

      I have Yahoo and Gmail.

      Yahoo is a spamhouse. What is interesting - the quantity of spam went up several times after the Facebook IPO. I do not think this is a coincidence - when my wife created a Facebook account under my name all my Yahoo addressbook addresses were copied by Facebook and everybody in my addressbook got an invitation to join Facebook from *me*...
      Solid Water
    • Oh, I agree.

      I never get spam in my inbox. In fact, Gmail spam filter is so effective that my important emails also go into spam folder.
    • Can tell

      Someone hasn't used Hotmail in a long time. As for spam, yes, Gmail gives out a lot of spam too. If you have a Hotmail acct and look in your junk mail folder, you can block those emails from emailing you again. When you do this, it shows the email address of those you are about to block. A lot of them are from Gmail. And this actually wasn't about Gmail but Android devices sending out spam. But we tend to forget that some companies put Android on other devices besides phones.
  • shameful

    Why are they posting about things they do not work on?

    Why is it important to even waste their time working on android? So is their post going to hurt android or help MSFT? You only need to look at who would gain the most from the posting and you will find the real culprit.

    With a less than
    • Good lord what a troll. A clearly admitted troll.


      The handle says it all.

      Just to show you how completely and entirely STUPID your comment of:
      "Why are they posting about things they do not work on? Why is it important to even waste their time working on android?"

      Who says that 'they' were working on Android? Nothing says at all they were working on Android. Not a single solitary thing. What it does say is that they "discovered Android devices were being used to send spam". And that doesn't mean you have got to be working on Android devices to discover that.

      A better question would be what you are doing commenting on MSFT when you are clearly so biased against them; anything you say about them will be about as worthless as a skinhead's commentary on people of other races.

      Sometimes I really feel compelled to ask what it was that MS ever did to you so bad that makes you feel compelled to take the time to write nonsense about them. Millions on millions use Windows around the world every day without incident or any misadventure yet the likes of you seem to want to spread the notion that Windows is some kind of plague.

      Well, here is the news pal, just in case you haven't heard. People just like you have been doing an even better job trying to spread that FUD around for years. And guess what?

      It's not working.

      It never will.
      • Actually Cayble,

        If you read the article, the Microsoft engineer later agreed in a follow-up post on MSDN that it could not be stated conclusively that the spam emails originated from Android devices. Of course a journalist would know to very carefully word any suggestion of an unproven fact so as not to face charges of libel. An engineer for a company with a competing product releasing such a statement without proof is very likely to be considered liable if the claims are proven to be false. According to the wording of his original statement, the MS engineer could very well be looking for a new job if he opened MS up to a libel suit.

        Interesting that you took the MS engineer's original statement at face value even though the statement and who it was coming from could very well indicate bias and therefore should be as worthless as a skinhead's comments on race. You even disregarded his follow-up statement that it was not conclusive that the spam originated from Android devices.

        Any negative statement about something where there could be a dissenting opinion could indicate bias. If I had the opinion that MS should be boycotted would my opinion automatically invalidate my reasons for holding that opinion merely because my opinion showed a bias against MS? Are you actually suggesting that any bias, positive or negative, invalidates a person's reasons for forming an opinion?
        • Well

          You and everybody are taking Google's word that it's not true, but look at their track record too about malware in their app store. They denied it at first and now are slowly deleting those apps.
          • There is a difference in taking their word for it

            and listening objectively to all sides of an issue. Google did not deny it, they stated that there is no evidence for it.

            "The evidence does not support the Android botnet claim," a Google spokesperson said in a statement. "Our analysis suggests that spammers are using infected computers and a fake mobile signature to try to bypass anti-spam mechanisms in the email platform they're using."

            The researcher who initially made the statement has also admitted that there is no conclusive evidence that the emails are originating from an Android botnet, as have other experts who have identified other possible methods by which the emails could be being spread by faking the Android signature.

            All that said, it is possible that it really is an Android botnet but of course MS would be quick to spread the news knowing that if it doesn't turn out to be an Android botnet after all, that news probably won't be as sensational as the premature and false report. It is likely that in the future, people will only remember the headlines about an Android botnet and this will carry a lasting effect which will be damaging to Android's reputation even if it proves to be false.
          • Malicious apps in the app store is not the same

            as having an insecure platform. Apple missed a few malicious apps too and MS has plenty. Policing of the app store itself could be better but the openness of Android made it a logistically difficult thing to accomplish.

            In my opinion, Google did blunder by putting their desire to grow their app store in size ahead of security audits of the software submitted. Google has blundered on several business decisions and they really should have me as an advisor. I could have told them before the obvious bad ideas came back and bit them. They do seem to lose focus when it comes to common sense vs. business sense.

            The app store should have been designed around the concept of trust relationships. Android developers could become verified in order to build a trust relationship and trusted developers would get higher ratings and their submissions could get fast tracked into the store. Any abuse of the trust extended to them would result in lowering their trust score and serious breaches would result in losing their trusted status and potential criminal charges pressed if the software turned out to violate privacy or fraud laws.
  • they have bigger problems

    Why support a company that will not support locally. Why support a company that will not hire American natural born citizens? Why support a company that hires thousands of inmates in prisons in Washington and Texas to package Microsoft products for pennies an hour? Why even care anymore about a failing company that would do anything to compete?
    • 100% false

      It's interesting to note that this poster is spouting falsehood. If he had done research, he would have found out that this is nonsense. Microsoft did, through a subcontractor, Exmark, have prisoners shrinkwrap Windows 95 Demo boxes in the mid-90s. As for the rest of the statement, it's pure nonsense. Microsoft does hire natural born Americans because otherwise, it would be a violation of the Civil Rights Act of 1964. "Race, color, religion, sex, or national origin" - the last part is very important here.
    • Wow...

      you lost little boy and making up stories...
    • Wow!

      I just defended you against Cayble and then scroll down to this? While your first post was not very well written, I did agree with the thinking that questions the MS engineer's motivation to report an inconclusive but damaging statement about a competitor's product. While it is possible that some kind of botnet could exist through some unofficial hacked software carrying a trojan, a very large botnet of the sort would be unlikely unless there were an extremely large number of users who knew where to look to get the pirated software and were running none of the free security software that is supposed to scan and protect against such malware. The MS engineer rushed the statement out that it was compromised Android devices without any evidence and it seems that this sort of headline grabbing news even if unsubstantiated could be damaging to Android's reputation even though it is no more Android's fault that people would pirate software and pick up trojans than it is Microsoft's fault that the same has occurred on their platform for decades.

      While I do personally boycott MS products even as I support my customers' MS products, I also try when I can to offer competing solutions as alternative options. I do hold a significant bias against MS but my reasons are based on the experience gained from supporting MS products for the last thirty years and the observations during that time of MS's history of using unfair business practices to gain competitive advantage rather than competing on its merits. I believe this latest incident is just one more example of the dirty tricks MS will go to in order to damage a competitor's image because I find it doubtful that this engineer released his findings without the consent of his superiors. At this point the issue is not whether or not the findings are correct but that the announcement of the news is likely to stir up much more controversy and gain much more attention than the later findings that it wasn't actually an Android botnet. Only if Google makes a legal issue over the libel would the news that it wasn't a botnet receive as much attention. Of course MS knows it's pretty safe from such action as Google launching such a lawsuit is not likely to provide much in the way of compensation as they would have to prove damages that are in fact impossible to quantify. Basically, MS can libel its competitor without much fear of reprisal and whether or not their engineer's findings prove to be accurate MS will benefit from the libel.

      All of that said, I cannot support anyone who purports to be on the right side but engages in the very same mudslinging and spreading of FUD that makes me feel that MS should be boycotted. If there is equal wrong on both sides there is little motivation to choose one side over the other... so why boycott MS at all?
  • The ZDNet Christmas Tree is full of twisted ornaments.

    It gets tiring seeing Trojans from who-knows-where installs twisted around to become Android security problems. If you go to other articles you see unbiased reporting, like on TDL-4. ZDNet won't touch it even though 4.5 million Windows users were infected in three months.
    • nice whine

      Have fun at the whinefest
  • Hey I have an idea

    Why don't we force the rest of the world to become compliant. In other words, quit making exceptions for mail servers because of that important client/network/whatever just to make people happy.

    Everyone needs to get together and just do it. JUST DO IT! :) Sure there are going to be some customers that will be angry, but you know what, after their mail host realizes no one will accept mail from them you will see how quickly they become compliant. And if they don't, they will lose their customer base.
    • Interestingly enough, your will is likely done.

      Microsoft have just announced Surface, which although at first glance appears to be merely an Apple-killer attempt, is not.

      They spent 30-odd years building an industry that was intended to put computing power at the fingertips of the masses. It was a lofty goal, but what ensued isn't pretty. Instead, we got computer-based 'communitainment' aimed at the lowest common denominator - the WWW - and it's not computing in the nature that Bill Gates originally saw.

      A lot of the problem is customisability. Android suffers from this too, what makes it useful to the masses makes it useful to criminals too. I suspect this is why Microsoft are tearing down and starting from scratch with a template system they can better control, while still providing what the majority of us are actually using today.

      Average Joe doesn't want or need computing, he wants an entertainment and communications platform that computers - PCs - have traditionally provided up to now as a 'swiss army knife' solution. Mobile devices are encroaching on that fast, but are just smaller versions of the same type of system.

      Surface appears to be an integrated alternative, designed from scratch to provide only what is needed. I can't say I'm much of a fan myself, but it might well stow the disruptive element down enough to make things like email usable again, and possibly force the likes of Google into being a little more responsible about the power they provide us.

      We're humans, we like to mess about with stuff by nature. It seems to me that anything we consider important or dangerous should be designed to tolerate or discourage stupidity, but computers sadly aren't on that list...
  • Have any of you actually used android?

    I have a really simple point to make, you say in your article '...please be careful. Android lets you download and install apps from anywhere.'

    Android does not, by default, allow you to do this. You have to purposefully go into the settings of your phone and dig down pretty deep to find the correct 'allow non market apps' (play store) option and then confirm that yes, you really do want to be able to download unrecognised apps (apps not on play-store).

    So now we see the truth, Android phones are perfectly secure, but, because Google aren't assholes, they give you the option to download unrecognised apps. This is genuinely useful for bespoke (business) apps, ironically much security software requires this ability, and if you happen to be a developer or a techy it comes in handy also.

    All in all, you, Emil Protalinski, are scaremongering and misleading your readers, whether intentionally or unintentionally. You have been placed in a position of responsibility; your writing is published on a high profile website that many thousands of people visit every day.

    Please, in future, take this responsibility seriously and use it for good, not for evil. Check your facts before writing.
