Google denies Android botnet claim
Summary: After a Microsoft engineer claimed he discovered an Android botnet sending out spam on an international scale, Google has denied the allegations. It's still unclear, however, where the spam is coming from.
Update on July 16 - New Yahoo app vulnerability explains Android spam
On Wednesday I wrote about how Microsoft engineer Terry Zink said he discovered Android devices were being used to send spam as part of an international Android spam botnet. Today, Google got in touch with me and denied Microsoft's claim.
"The evidence does not support the Android botnet claim," a Google spokesperson said in a statement. "Our analysis suggests that spammers are using infected computers and a fake mobile signature to try to bypass anti-spam mechanisms in the email platform they're using."
Zink explained how he found spam e-mails were being sent from compromised Yahoo accounts accessed by Android devices. He deduced this by looking at the e-mails' header information as well as noting the "Sent from Yahoo! Mail on Android" signature. The Microsoft engineer speculated that a cybercriminal had developed a new piece of malware that can access Yahoo Mail accounts on Android devices and send spam messages from them, and had linked them together to create a spam botnet.
Security firm Sophos today also shared its findings on the spam e-mails in question:
The messages appear to originate from compromised Google Android smartphones or tablets. All of the samples at SophosLabs have been sent through Yahoo!'s free mail service and contain correct headers and SPF signatures.
Like Zink, Sophos concluded that it is "likely" Android users are downloading Trojanized pirated copies of paid Android apps. The security firm could not, however, prove that the attacks originated from Android devices. In a follow-up blog post on MSDN, the Microsoft engineer agreed that this could not be stated conclusively:
In comments of various blogs a lot of people have suggested that these headers are spoofed, or there was a botnet connecting to Yahoo Mail from a Windows PC and sent mail that way. Yes, it’s entirely possible that a bot on a compromised PC connected to Yahoo Mail, inserted the message-ID thus overriding Yahoo’s own Message-IDs and added the “Yahoo Mail for Android” tagline at the bottom of the message all in an elaborate deception to make it look like the spam was coming from Android devices.
Since Yahoo provides the originating IP address for its e-mails, it is possible to see where the spam is being sent from: Asia, Eastern Europe, the Middle East, and South America. The e-mails Zink got his hands on came from Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela. The samples analyzed by Sophos originated from Argentina, Ukraine, Pakistan, Jordan, and Russia.
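The distinction the analysts are arguing over, shown as an added Python example (not code from Zink, Sophos or Google): it separates the markers a sending client writes itself from the address the mail provider records. It assumes the provider puts that address in an X-Originating-IP header and that the client marker shows up as the string "android" in the Message-ID; the sample message is constructed.

```python
import ipaddress
from collections import Counter
from email import message_from_string

SIGNATURE = "Sent from Yahoo! Mail on Android"  # tagline quoted in the article

# Constructed sample message; every header value is made up for illustration.
SAMPLE = """\
X-Originating-IP: [203.0.113.45]
Message-ID: <1341000000.12345.android@web0.mail.example.com>
From: account@example.com
To: recipient@example.org
Subject: hello

Sent from Yahoo! Mail on Android
"""

def android_evidence(raw):
    """Separate sender-controlled Android markers from the provider-stamped IP."""
    msg = message_from_string(raw)
    body = "".join(
        (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for part in msg.walk() if not part.is_multipart()
    )
    # Both markers are written by whatever client built the message, so a
    # script on a PC can set them as easily as a phone can.
    signature = SIGNATURE in body
    msgid_marker = "android" in msg.get("Message-ID", "").lower()
    # Assumption: the provider records the submitting address in X-Originating-IP.
    try:
        ip_text = msg.get("X-Originating-IP", "").strip("[] ")
        origin_ip = str(ipaddress.ip_address(ip_text))
    except ValueError:
        origin_ip = None  # header absent or malformed
    return {"signature": signature, "msgid_marker": msgid_marker,
            "markers_agree": signature == msgid_marker, "origin_ip": origin_ip}

def origins_of_flagged(raw_messages):
    """Count origin IPs across messages that carry any Android marker."""
    counts = Counter()
    for raw in raw_messages:
        ev = android_evidence(raw)
        if ev["signature"] or ev["msgid_marker"]:
            counts[ev["origin_ip"] or "unknown"] += 1
    return counts

if __name__ == "__main__":
    print(android_evidence(SAMPLE), origins_of_flagged([SAMPLE]))
```

Both marker fields being true shows only that a message claims to come from Android; the origin IP locates the submitting host, not the kind of device behind it.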
Even if you are not in any of these countries, please be careful. Android lets you download and install apps from anywhere. Please only install apps from Google Play unless you are absolutely certain you know who wrote the software you want to install.
I will keep you posted once I learn more as to whether the spam e-mails are coming from Android devices or if someone is simply making it look like they are.
See also:
- Malware charges users for free Android apps on Google Play
- Android malware families nearly quadruple from 2011 to 2012
- A first: Hacked sites with Android drive-by download malware
- Warning: Fake Biophilla app on Android is malware
- Warning: Fake Instagram app on Android is malware
- Malicious version of Angry Birds Space spotted in the wild
Talkback
Not sure either way but...
Same here...
Yahoo is a spamhouse. What is interesting - quantity of spam went up several times after Facebook IPO. I do not think this is coincidence - when my wife created Facebook account under my name all my Yahoo address book addresses were copied by Facebook and everybody on my address book got invitation to join Facebook from *me*...
Oh, I agree.
Can tell
shameful
Why is it important to even waste their time working on android? So is their post going to hurt android or help MSFT? You only need to look at who would gain the most from the posting and you will find the real culprit.
With a less than
Good lord what a troll. A clearly admitted troll.
The handle says it all.
Just to show you how completely and entirely STUPID your comment of:
"Why are they posting about things they do not work on? Why is it important to even waste their time working on android?"
Who says that 'they' were working on Android? Nothing says at all they were working on Android. Not a single solitary thing. What it does say is that they "discovered Android devices were being used to send spam". And that doesn't mean you have got to be working on Android devices to discover that.
What a better question would be is what are you doing commenting on MSFT when you are clearly so biased against them, anything you say about them will be about as worthless as a skinhead's commentary on people of other races.
Sometimes I really feel compelled to ask what it was that MS ever did to you so bad that makes you feel compelled to take the time to write nonsense about them. Millions on millions use Windows around the world every day without incident or any misadventure yet the likes of you seem to want to spread the notion that Windows is some kind of plague.
Well, here is the news pal, just in case you haven't heard. People just like you have been doing an even better job trying to spread that FUD around for years. And guess what?
It's not working.
It never will.
Actually Cayble,
Interesting that you took the MS engineer's original statement at face value even though the statement and who it was coming from could very well indicate bias and therefore should be as worthless as a skinhead's comments on race. You even disregarded his follow-up statement that it was not conclusive that the spam originated from Android devices.
Any negative statement about something where there could be a dissenting opinion could indicate bias. If I had the opinion that MS should be boycotted would my opinion automatically invalidate my reasons for holding that opinion merely because my opinion showed a bias against MS? Are you actually suggesting that any bias, positive or negative, invalidates a person's reasons for forming an opinion?
Well
There is a difference in taking their word for it
"The evidence does not support the Android botnet claim," a Google spokesperson said in a statement. "Our analysis suggests that spammers are using infected computers and a fake mobile signature to try to bypass anti-spam mechanisms in the email platform they're using."
The researcher who initially made the statement has also admitted that there is no conclusive evidence that the emails are originating from an android botnet as well as other experts who have identified other possible methods by which the emails could be being spread by faking the Android signature.
All that said, it is possible that it really is an Android botnet but of course MS would be quick to spread the news knowing that if it doesn't turn out to be an Android botnet after all, that news probably won't be as sensational as the premature and false report. It is likely that in the future, people will only remember the headlines about an Android botnet and this will carry a lasting effect which will be damaging to Android's reputation even if it proves to be false.
Malicious apps in the app store is not the same
In my opinion, Google did blunder by putting their desire to grow their app store in size ahead of security audits of the software submitted. Google has blundered on several business decisions and they really should have me as an advisor. I could have told them before the obvious bad ideas came back and bit them. They do seem to lose focus when it comes to common sense vs. business sense.
The app store should have been designed around the concept of trust relationships. Android developers could become verified in order to build a trust relationship and trusted developers would get higher ratings and their submissions could get fast tracked into the store. Any abuse of the trust extended to them would result in lowering their trust score and serious breaches would result in losing their trusted status and potential criminal charges pressed if the software turned out to violate privacy or fraud laws.
they have bigger problems
100% false
Wow...
Wow!
While I do personally boycott MS products even as I support my customers MS products, I also try when I can to offer competing solutions as alternative options. I do hold a significant bias against MS but my reasons are based on the experience gained from supporting MS products for the last thirty years and the observations during that time of MS history of using unfair business practices to gain competitive advantage rather than competing on its merits. I believe this latest incident is just one more example of the dirty tricks MS will go to in order to damage a competitor's image because I find it doubtful that this engineer released his findings without the consent of his superiors. At this point the issue is not whether or not the findings are correct but that the announcement of the news is likely to stir up much more controversy and gain much more attention than the later findings that it wasn't actually an Android botnet. Only if Google makes a legal issue over the libel would the news that it wasn't a botnet receive as much attention. Of course MS knows it's pretty safe from such action as Google launching such a lawsuit is not likely to provide much in the way of compensation as they would have to prove damages that are in fact impossible to quantify. Basically, MS can libel its competitor without much fear of reprisal and whether or not their engineer's findings prove to be accurate or not MS will benefit from the libel.
All of that said, I cannot support anyone who purports to be on the right side but engages in the very same mudslinging and spreading of FUD that makes me feel that MS should be boycotted. If there is equal wrong on both sides there is little motivation to choose one side over the other... so why boycott MS at all?
The ZDNet Christmas Tree is full of twisted ornaments.
nice whine
Hey I have an idea
Everyone needs to get together and just do it. JUST DO IT! :) Sure there are going to be some customers that will be angry, but you know what, after their mail host realizes no one will accept mail from them you will see how quickly they become compliant. And if they don't, they will lose their customer base.
Interestingly enough, your will is likely done.
They spent 30-odd years building an industry that was intended to put computing power at the fingertips of the masses. It was a lofty goal, but what ensued isn't pretty. Instead, we got computer-based 'communitainment' aimed at the lowest common denominator - the WWW - and it's not computing in the nature that Bill Gates originally saw.
A lot of the problem is customisability. Android suffers from this too, what makes it useful to the masses makes it useful to criminals too. I suspect this is why Microsoft are tearing down and starting from scratch with a template system they can better control, while still providing what the majority of us are actually using today.
Average Joe doesn't want or need computing, he wants an entertainment and communications platform that computers - PCs - have traditionally provided up to now as a 'swiss army knife' solution. Mobile devices are encroaching on that fast, but are just smaller versions of the same type of system.
Surface appears to be an integrated alternative, designed from scratch to provide only what is needed. I can't say I'm much of a fan myself, but it might well stow the disruptive element down enough to make things like email usable again, and possibly force the likes of Google into being a little more responsible about the power they provide us.
We're humans, we like to mess about with stuff by nature. It seems to me that anything we consider important or dangerous should be designed to tolerate or discourage stupidity, but computers sadly aren't on that list...
Have any of you actually used android?
Android does not, by default, allow you to do this. You have to purposefully go into the settings of your phone and dig down pretty deep to find the correct 'allow non market apps' (play store) option and then confirm that yes, you really do want to be able to download unrecognised apps (apps not on play-store).
So now we see the truth, Android phones are perfectly secure, but, because Google aren't assholes, they give you the option to download unrecognised apps. This is genuinely useful for bespoke (business) apps, ironically many security softwares require this ability, and if you happen to be a developer or a techy it comes in handy also.
All in all, you Emil Protalinski are scaremongering and misleading your readers; whether intentionally or unintentionally. You have been placed in a position of responsibility, your writing is published on a high profile website that many thousands of people visit every day.
Please, in future, take this responsibility seriously and use it for good, not for evil. Check your facts before writing.
http://androidcupcake.com/