Microsoft engineer discovers Android spam botnet
Summary: A Microsoft engineer has discovered and identified an Android botnet that is sending out spam on an industrial and international scale. Please only install Android apps that you trust.
Update: Google denies Android botnet claim

Microsoft engineer Terry Zink has discovered Android devices are being used to send spam. He has identified an international Android botnet and outlined the details on his MSDN blog.
Android malware is on the rise. There have been many fake versions of Android apps (see links below) that try to cash in by sending expensive SMS messages. This is different.
In this case, the money is being generated from spam e-mails sent through Yahoo Mail from Android devices. A closer look at the e-mails' header information shows that all the messages come from compromised Yahoo accounts. Furthermore, they are also stamped with the "Sent from Yahoo! Mail on Android" signature.
As such, Zink believes a cybercriminal has developed a new piece of malware that can access Yahoo Mail accounts on Android devices and send spam messages from them. Since this is happening on a large scale, it follows that the perpetrator has also linked the Android devices together to create a spam botnet, a technique often used when trying to monetize spam; it's all about volume, volume, volume.
Since Yahoo includes the originating IP address in the e-mail headers, Zink was able to figure out where the spam is being sent from: Asia, Eastern Europe, the Middle East, and South America. More specifically, the e-mails Zink got his hands on came from Chile, Indonesia, Lebanon, Oman, the Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela.
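The header triage described above, as an added example that is not from Zink's post or from ZDNet: it parses constructed sample messages, keeps those with a yahoo.com sender plus the Android signature, and counts them per originating IP. The header name X-Originating-IP is an assumption (the article only says Yahoo provides the originating IP), and mapping the IPs to countries would need a GeoIP database that is not included here.

```python
import email
import re
from collections import Counter
from email import policy
from email.utils import parseaddr

SIGNATURE = "Sent from Yahoo! Mail on Android"
# Assumed header name: the article only says Yahoo "provides the originating IP".
ORIGIN_HEADER = "X-Originating-IP"
IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

# Constructed samples using RFC 5737 documentation addresses; not real spam.
SAMPLE_MESSAGES = [
    "From: alice@yahoo.com\nTo: user@example.net\nSubject: deal\n"
    "X-Originating-IP: [192.0.2.10]\n\nBuy now\n\nSent from Yahoo! Mail on Android\n",
    "From: Bob <bob@yahoo.com>\nTo: user@example.net\nSubject: deal\n"
    "X-Originating-IP: [192.0.2.10]\n\nBuy now\n\nSent from Yahoo! Mail on Android\n",
    "From: carol@yahoo.com\nTo: user@example.net\nSubject: deal\n"
    "X-Originating-IP: [198.51.100.7]\n\nBuy now\n\nSent from Yahoo! Mail on Android\n",
    # Ordinary Yahoo mail without the Android signature: must not be flagged.
    "From: dave@yahoo.com\nTo: user@example.net\nSubject: lunch\n"
    "X-Originating-IP: [203.0.113.5]\n\nNoon?\n",
]

def parse(raw):
    return email.message_from_string(raw, policy=policy.default)

def originating_ip(msg):
    """Return the IPv4 address from the assumed origin header, or None."""
    match = IP_RE.search(str(msg.get(ORIGIN_HEADER) or ""))
    return match.group(0) if match else None

def is_android_yahoo_candidate(msg):
    """Both indicators from the article: yahoo.com sender and the Android signature."""
    sender = parseaddr(str(msg.get("From") or ""))[1].lower()
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    return sender.endswith("@yahoo.com") and SIGNATURE in text

def ips_by_volume(raws):
    """Count candidate messages per originating IP. Feeding these IPs to a GeoIP
    database (not included) reproduces the per-country view described above."""
    counts = Counter()
    for raw in raws:
        msg = parse(raw)
        if is_android_yahoo_candidate(msg):
            counts[originating_ip(msg) or "unknown"] += 1
    return counts
```

Two of the constructed candidates share one originating IP, so the count per IP rather than per account is what separates a single busy device from a scattered botnet.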
Most of these countries are in the developing world, and so the Microsoft engineer argues that users likely tried to download pirated versions of apps to avoid paying. Alternatively, they were tricked into downloading a fake version of the Yahoo Mail app. Either way, it's unlikely they used the official Google Play store.
Android lets you download and install apps from anywhere. Please only install apps from Google Play unless you are absolutely certain you know who wrote the software you want to install. Fighting malware isn't just the responsibility of security firms: you can help by being smart about what you install.
See also:
- Malware charges users for free Android apps on Google Play
- Android malware families nearly quadruple from 2011 to 2012
- A first: Hacked sites with Android drive-by download malware
- Warning: Fake Biophilla app on Android is malware
- Warning: Fake Instagram app on Android is malware
- Malicious version of Angry Birds Space spotted in the wild
Talkback
App store grousing...
Not at all
Not.
We already have a monopolistic desktop market
Someone here claimed that 80%
Would that be a monopoly?
Actually, not quite a monopoly.
Wilie will have a tough time getting that
lol...
How do you know?
uh...
Why are we debating the App Store Vs. Google Play?
On my Droid 3 you have to drill down 3 levels in the settings to get there and then say OK to a rather severe warning message agreeing that "...you are solely responsible...". Sometimes I think if you go through all that to avoid paying the $2 an app costs, you probably deserve what you get.
An exception would be the low end/no name/knock off devices that don't use the Google Play store and have their own instead.
wow.. just wow.
Maybe England was right, a single well controlled monarchy is better. Or maybe Hitler had the right idea, a single master race is the way to go. Or maybe it is Apple who best exemplifies these ideas... ?
wow... just wow
Godwin's law popped up quicker than normal.
Not true
It says that the fake apps were most likely downloaded OUTSIDE of the Google Play store...
No surprise, it takes one to know one
"Android lets you download and install apps from anywhere."
Only after a user modifies the app install setting (or roots the device). Many Android device users modify the app install setting so that they are not locked into the app store which their device defaults to.
Jail-breaking the phone puts all the responsibility on the user.
It's a common denominator for any OS. People take offense to walled gardens, but at the same time, cannot handle the responsibility of finding only trusted applications.
"Security is a Network of Trust"
--Linus Torvalds
In order to sideload apps you don't have to jailbreak Android devices.
What are you supposed to do?
I use the Ubuntu-Mint repository. No problems. I'm sure I can find applications out in the wild with Trojans that will adversely affect my Mint 13 installation.
From another point of view, what do common users do? They use the default settings. Is Google going to take responsibility for applications with Trojans installed from outside their repository?
Jail-breaking is modifying the phone to go outside the default settings, choosing not to use the recommended, trusted applications.
No, not quite...
That said, Google does bury this a couple of levels down in the settings and makes you say OK to accepting all responsibility for what happens, then manually download an apk file, then manually run it and manually accept more warnings. If after all that, the user still chooses to do something stupid, well, that's pretty much their own fault.
Good explanation.
Linux has the software manager which contains 33,000 applications that can be trusted. I also install from trusted web sites like Google, Filezilla, Truecrypt, etc.
Unfortunately, going on the internet to install untested applications is going to be dangerous. People see it as freedom and getting a better selection, but really aren't capable of identifying potential Trojan infections. Giving the computer the authority to install something presupposes you are only going to get exactly what you ordered, and nothing more.
Apps from outside Google play