Microsoft engineer discovers Android spam botnet

Summary: A Microsoft engineer has discovered and identified an Android botnet that is sending out spam on an industrial and international scale. Please only install Android apps that you trust.


Update: Google denies Android botnet claim

Microsoft engineer Terry Zink has discovered Android devices are being used to send spam. He has identified an international Android botnet and outlined the details on his MSDN blog.

Android malware is on the rise. There have been many fake versions of Android apps (see links below) that try to cash in by sending expensive SMS messages. This is different.

In this case, the money is being made from spam e-mails sent through Yahoo Mail from Android devices. A closer look at the e-mails' headers shows all the messages come from compromised Yahoo accounts. Furthermore, they are also stamped with the "Sent from Yahoo! Mail on Android" signature.

As such, Zink believes a cybercriminal has developed a new piece of malware that can access Yahoo Mail accounts on Android devices and send spam messages from them. Since this is happening on a large scale, it follows that the perpetrator has also linked the Android devices together to create a spam botnet, a technique often used when trying to monetize spam; it's all about volume, volume, volume.

Since Yahoo provides the originating IP address for the e-mails, Zink was able to figure out where the spam is being sent from: Asia, Eastern Europe, the Middle East, and South America. More specifically, the e-mails Zink got his hands on came from Chile, Indonesia, Lebanon, Oman, the Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela.
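As an added illustration of the header analysis described above (example code written for this page, not Zink's own tooling or anything from his blog), here is a small triage script of the kind a mail abuse team would run over a folder of spam samples: it reads each message, keeps those that came through a Yahoo account and carry the "Sent from Yahoo! Mail on Android" signature, and groups them by sender account and by originating IP, which is the grouping one would then geolocate to get the country breakdown the article reports. It assumes the originating address arrives in an X-Originating-IP header of the form "[a.b.c.d]"; the accounts, addresses and message bodies are constructed for the example.

```python
"""Triage of spam samples for the pattern the article describes (added example)."""
from collections import Counter
from email import message_from_string
from email.utils import parseaddr
import ipaddress
import re

# Signature quoted in the article; the Android Yahoo Mail client appends it to the body.
ANDROID_SIGNATURE = "Sent from Yahoo! Mail on Android"
# Assumption: the originating client address is carried in X-Originating-IP as "[a.b.c.d]".
ORIG_IP_RE = re.compile(r"\[?(\d{1,3}(?:\.\d{1,3}){3})\]?")


def make_sample(sender: str, orig_ip: str, body: str) -> str:
    """Build a constructed raw message; every value here is made up for this example."""
    return (
        f"From: {sender}\n"
        "To: recipient@example.invalid\n"
        "Subject: (constructed sample)\n"
        f"X-Originating-IP: [{orig_ip}]\n"
        "Content-Type: text/plain; charset=us-ascii\n"
        "\n"
        f"{body}\n"
    )


# Constructed samples: three messages matching the pattern (two from the same account),
# one ordinary Yahoo message without the signature, and one with a malformed
# originating address to exercise the validation path.
SAMPLE_MESSAGES = [
    make_sample("acct-a@yahoo.com", "203.0.113.5",
                "cheap offer http://bad.example.invalid/\n\n" + ANDROID_SIGNATURE),
    make_sample("acct-b@yahoo.com", "198.51.100.7", "another offer\n\n" + ANDROID_SIGNATURE),
    make_sample("acct-a@yahoo.com", "203.0.113.5", "same offer again\n\n" + ANDROID_SIGNATURE),
    make_sample("acct-c@yahoo.com", "192.0.2.9", "see you at lunch"),
    make_sample("acct-d@yahoo.com", "999.1.1.1", "garbled header\n\n" + ANDROID_SIGNATURE),
]


def analyse_message(raw: str) -> dict:
    """Extract the fields the article's analysis relies on from one raw message."""
    msg = message_from_string(raw)
    _, sender = parseaddr(msg.get("From", ""))
    domain = sender.rpartition("@")[2].lower() if "@" in sender else ""

    orig_ip = None
    match = ORIG_IP_RE.search(msg.get("X-Originating-IP", ""))
    if match:
        try:
            orig_ip = str(ipaddress.ip_address(match.group(1)))
        except ValueError:  # octet out of range or otherwise invalid: unknown origin
            orig_ip = None

    payload = msg.get_payload(decode=True) or b""
    body = payload.decode("utf-8", "replace")
    return {
        "sender": sender,
        "via_yahoo": domain == "yahoo.com" or domain.endswith(".yahoo.com"),
        "originating_ip": orig_ip,
        "android_signature": ANDROID_SIGNATURE in body,
    }


def triage(messages) -> dict:
    """Keep messages matching the observed pattern and group them by account and origin IP."""
    matches = [info for info in map(analyse_message, messages)
               if info["via_yahoo"] and info["android_signature"]]
    by_account = Counter(m["sender"] for m in matches)
    by_ip = Counter(m["originating_ip"] for m in matches if m["originating_ip"])
    return {"matches": matches, "by_account": by_account, "by_ip": by_ip}


if __name__ == "__main__":
    result = triage(SAMPLE_MESSAGES)
    print(f"{len(result['matches'])} of {len(SAMPLE_MESSAGES)} samples match the pattern")
    print("per account:", dict(result["by_account"]))
    print("per originating IP:", dict(result["by_ip"]))
```

The per-IP counter is what you would feed to a geolocation lookup (not included, since it needs an external database); a message whose originating address fails validation is still counted against its account but dropped from the IP view rather than silently mis-attributed.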

Most of these countries are in the developing world, and so the Microsoft engineer argues that users likely tried to download pirated versions of apps to avoid paying. Alternatively, they were tricked into downloading a fake version of the Yahoo Mail app. Either way, it's unlikely they used the official Google Play store.

Android lets you download and install apps from anywhere. Please only install apps from Google Play unless you are absolutely certain you know who wrote the software you want to install. Fighting malware isn't just the responsibility of security firms: you can help by being smart about what you install.


Emil Protalinski

About Emil Protalinski

Emil is a freelance journalist writing for CNET and ZDNet. Over the years,
he has covered the tech industry for multiple publications, including Ars
Technica, Neowin, and TechSpot.

  • App store grousing...

    Looks like Apple was right, a single well-controlled App Store is better!
    Tony Burzio
    • Not at all

      A monopolistic app store ..... Gee, how refreshing.
      • We already have a monopolistic desktop market

        So why should you complain?
        • Someone here claimed that 80%

          of Web servers are Linux based.

          Would that be a monopoly?
          William Farrel
          • Actually, not quite a monopoly.

            Linux may have the dominant market share, but it is not one flavor of Linux or even one vendor. It is like saying that the ball point has a monopoly in pens. It does in a sense, but since Bic, Parker, etc. all make pens with the same technology inside, no one of them has a monopoly.
          • Wilie will have a tough time getting that

            He already thinks a ball point is a computer anyway.

    • How do you know?

      How do you know that malware has never gotten into the App Store? Apple routinely deletes dozens of apps from the App Store, usually without explanation, how do you know that some of them weren't deleted because they were found to be malicious? Honestly, you can't, because 'transparency' and 'Apple' haven't appeared together in a sentence very often.
      Doctor Demento
      • uh...

        there's one amazingly creative argument. well done laddie. yours is truly a singular mind.
      • Why are we debating the App Store Vs. Google Play?

        The article states that the fake apps did not even come from Google Play. In order to install an app that is not from Google Play on your Android device you have to manually go into the settings and turn on that functionality.

        On my Droid 3 you have to drill down 3 levels in the settings to get there and then say OK to a rather severe warning message agreeing that " are solely responsible...". Sometimes I think if you go through all that to avoid paying the $2 an app costs, you probably deserve what you get.

        An exception would be the low end/no name/knock off devices that don't use the Google Play store and have their own instead.
    • wow.. just wow.

      Cannot believe anyone thinks like this. and on Independence Day no less..

      Maybe England was right, a single well controlled monarchy is better. Or maybe Hitler had the right idea, a single master race is the way to go. Or maybe it is Apple who best exemplifies these ideas... ?
      • wow... just wow

        hitler? HITLER?!?!?!? seriously. wow. just wow.
        • Godwin's law popped up quicker than normal.

          Eventually, it usually happens, but this may be record time.
    • Not true

      Did you not read the entire post?

      It says that the fake apps were most likely downloaded OUTSIDE of the Google Play store...
      Mitchell McLeod
  • No surprise, it takes one to know one

    From the article:
    "Android lets you download and install apps from anywhere.

    Only after a user modifies the app install setting (or roots the device)." Many Android device users modify the app install setting so that they are not locked into the app store which their device defaults to.
    Rabid Howler Monkey
    • Jail-breaking the phone puts all the responsibility on the user.

      The user can't determine "trusted" applications vs. "rogue" apps easily and succumbs to Trojans.

      It's a common denominator for any OS. People take offense to walled gardens, but at the same time, cannot handle the responsibility of finding only trusted applications.

      "Security is a Network of Trust"
      --Linus Torvalds
      • In order to sideload apps you don't have to jailbreak Android devices.

        Simply go to settings and check allow to install apps from anywhere.
        Ram U
        • What are you supposed to do?

          It is still jail-breaking. Google is supplying trusted apps and you are choosing to go elsewhere.

          I use the Ubuntu-Mint repository. No problems. I'm sure I can find applications out in the wild with Trojans that will adversely affect my Mint 13 installation.

          From another point of view, what do common users do? They use the default settings. Is Google going to take responsibility for applications with Trojans installed from outside their repository?

          Jail-breaking is modifying the phone to go outside the default settings, choosing not to use the recommended, trusted applications.
          • No, not quite...

            It's not "jail-breaking" (jail-breaking isn't really even an Android term) because it does not require rooting or any other modifications to the phone. If anything that went "outside the default settings" were jail breaking then any change to any setting such as turning on accessibility options (that are not on by default) would be jail breaking. Just changing settings that Google provides as a default part of the OS by checking boxes etc. is not jail breaking. That is not at all the same thing.

            That said, Google does bury this a couple of levels down in the settings and say OK to accepting all responsibility for what happens - then manually download an apk file, then manually run it and manually accept more warnings. If after all that, the user still chooses to do something stupid, well, that's pretty much their own fault.
          • Good explanation.

            I don't own a smartphone. I'm planning on getting a Droid soon. I guess I'm using the term loosely. I don't own any Apple and I can see the advantage of their controlling the software. I think it's necessary to protect the general population from malware.

            Linux has the software manager which contains 33,000 applications that can be trusted. I also install from trusted web sites like Google, Filezilla, Truecrypt, etc.

            Unfortunately, going on the internet to install untested applications is going to be dangerous. People see it as freedom and getting a better selection, but really aren't capable of identifying potential Trojan infections. Giving the computer the authority to install something presupposes you are only going to get exactly what you ordered, and nothing more.
    • Apps from outside Google play

      You do not need to root to install an app from outside the Play Store. To install an app from outside you need only change the setting.
      Matthew Burtis