Spam from an Android botnet

I came across some interesting spam samples today.

The messages all come from Yahoo Mail servers, and all of them are from compromised Yahoo accounts. They are all sending stock spam, the typical pump-and-dump variety that we've seen for years.

But what is interesting about them is that they all contain the following Message-ID:

Message-ID: <1341147286.19774.androidMobile@web140302.mail.bf1.yahoo.com>

Furthermore, they all have the following at the bottom of their spam:

Sent from Yahoo! Mail on Android

All of these messages were sent from Android devices. We've all heard the rumors, but this is the first time I have seen it: a spammer has control of a botnet that lives on Android devices. These devices log in to the user's Yahoo Mail account and send spam. (Both the Message-ID format and the footer are generated by the sending client, so on their own they show only that the sending software identified itself as the Android app; the connecting IP addresses below are the server-side evidence.)

Luckily, Yahoo stamps the IP address from which the device connected to its service into the message headers. I looked up where those IPs are geo-located: Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela.
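The three signals described above (the androidMobile token in the Message-ID, the "Sent from Yahoo! Mail on Android" footer, and the originating IP that Yahoo stamps into the headers) can be pulled out of a mailbox mechanically. The script below is an added example and is not code from the original post; it assumes Yahoo stamps the connecting client's address in an X-Originating-IP header, and the two sample messages are constructed for illustration (the addresses are documentation ranges, not the IPs the post refers to). The geolocation step is left out because it needs an external database.

```python
import email
import re
from email import policy

# Constructed sample messages (not from the original post). The first carries
# all the indicators the post describes; the second is an ordinary webmail
# message from the same Yahoo server that must not be flagged.
SAMPLE_ANDROID = """\
From: victim@yahoo.com
To: target@example.com
Subject: Huge Upside on This Stock
Message-ID: <1341147286.19774.androidMobile@web140302.mail.bf1.yahoo.com>
X-Originating-IP: [203.0.113.45]
Content-Type: text/plain; charset=us-ascii

BUY NOW before it rips!

Sent from Yahoo! Mail on Android
"""

SAMPLE_WEBMAIL = """\
From: friend@yahoo.com
To: target@example.com
Subject: lunch?
Message-ID: <1341150000.12345.YahooMailNeo@web140302.mail.bf1.yahoo.com>
X-Originating-IP: [198.51.100.7]
Content-Type: text/plain; charset=us-ascii

Want to grab lunch tomorrow?
"""

# Message-ID shape from the post: <epoch>.<n>.androidMobile@webNNNNNN.mail.<dc>.yahoo.com
MSGID_RE = re.compile(r"androidMobile@web\d+\.mail\.[a-z0-9]+\.yahoo\.com", re.I)
FOOTER = "Sent from Yahoo! Mail on Android"
# Yahoo writes the address in square brackets; tolerate it with or without them.
ORIG_IP_RE = re.compile(r"\[?(\d{1,3}(?:\.\d{1,3}){3})\]?")


def parse(raw):
    """Parse a raw RFC 5322 message into an EmailMessage."""
    return email.message_from_string(raw, policy=policy.default)


def body_text(msg):
    """Return the text/plain body, or an empty string if there is none."""
    part = msg.get_body(preferencelist=("plain",))
    return part.get_content() if part is not None else ""


def originating_ip(msg):
    """Extract the client IP Yahoo stamped into X-Originating-IP (assumed header)."""
    m = ORIG_IP_RE.search(str(msg.get("X-Originating-IP", "")))
    return m.group(1) if m else None


def classify(raw):
    """Evaluate one message against the indicators from the post.

    Both client-side indicators must be present before the message is treated
    as a candidate; the Message-ID and footer are chosen by the client, so a
    single one of them is weak evidence on its own.
    """
    msg = parse(raw)
    result = {
        "android_message_id": bool(MSGID_RE.search(str(msg.get("Message-ID", "")))),
        "android_footer": FOOTER in body_text(msg),
        "originating_ip": originating_ip(msg),
    }
    result["candidate"] = result["android_message_id"] and result["android_footer"]
    return result


def tally_origins(raws):
    """Count originating IPs across the candidate messages in a corpus.

    This is the list you would feed to a geolocation lookup, as the post does.
    """
    counts = {}
    for raw in raws:
        r = classify(raw)
        if r["candidate"] and r["originating_ip"]:
            counts[r["originating_ip"]] = counts.get(r["originating_ip"], 0) + 1
    return counts


if __name__ == "__main__":
    for raw in (SAMPLE_ANDROID, SAMPLE_WEBMAIL):
        print(classify(raw))
    print(tally_origins([SAMPLE_ANDROID, SAMPLE_ANDROID, SAMPLE_WEBMAIL]))
```

Requiring both client-side indicators keeps the rule narrow; a filter that keyed on the footer alone would also catch every legitimate message sent from the Android app.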

What’s unusual about these countries?

I've written in the past that Android has the most malware of any smartphone platform, but your odds of downloading and installing a malicious Android app are pretty low if you get it from the official Android Market (now Google Play). If you get it from some guy in a back alley on the Internet, the odds go way up.

I’ve also written that users in the developed world usually have better security practices and fewer malware infections than users in the developing world.  Where are almost all of those countries in the list above?  Mostly in the developing world.

I am betting that the users of those phones downloaded some malicious Android app in order to avoid paying for a legitimate version and they got more than they bargained for.  Either that or they acquired a rogue Yahoo Mail app.

This ups the ante for spam filters. If people download malicious apps onto their phones that capture keystrokes, and with them the credentials for their email accounts, it becomes far easier for spammers to send abusive mail through a legitimate provider from a legitimate user's account. This is the next evolution in the cat-and-mouse game that is email security.

  • How does that gunshot wound to the foot feel, Terry?

  • Microsoft distracting from the fact that their operating systems are the most infected in the world and are hosts to botnets?

  • My Android smartphone has been affected with an email virus. I constantly receive emails saying "mail delivery failure". All of the emails are sent, even though I have Lookout on my phone. I don't use Yahoo mail.

  • With such in-depth researchers and spot-on engineers like yourself, it's hard to imagine why your OS has any bugs at all! This is pathetic. Did you do anything other than look at a signature and a couple headers before jumping on an opportunity to make the competition who is absolutely crushing you look bad, or was that the intention all along? Keep up the quality work!

  • My experience has been that it's the Yahoo mail app on the Android device. Since removing the Yahoo mail app I have eliminated the problem. I have also written to Yahoo asking when they will re-issue the app without all the access permissions so the Android device cannot be so easily hacked.

  • looks like someone's Android smartphone is sending me spam emails from the Yahoo! Mail on Android app!

    the mail can be traced to "" which apparently comes from a spammy neighborhood in Kazakhstan!

    the IP itself was detected to be infected with a spam-sending trojan at 2012-07-09 16:00 GMT, approximately 20 hours ago, according to major CBLs.

    hidden within the mail is this content:

    "It is more dangerous that you think in this country."humility, he said, "we should not die." I made the captain a although I had a very scanty allowance, being too great for a"

    the text is a reference to the books "Dracula Bram Stoker" and "Gulliver's Travels"!


