A quick follow up on my previous post about spam from an Android botnet, there are a few things I need to point out:
Security expert Graham Cluley, from anti-virus firm Sophos, said it was highly likely the attacks originated from Android devices, given all available information, but this could not be proven. That’s true.
This was the first time smartphones had been exploited in this way, he said. "We've seen it done experimentally to prove that it's possible by researchers, but not done by the bad guys," he told the BBC. "We are seeing a lot of activity from cybercriminals on the Android platform.
Those are the things I wanted to add.
It is far more likely that someone ran packet capturing to see the http API used by yahoo for their android mail application, and wrote a simple program to send mail via that API, than that someone has a botnet on android phones installing yahoo's mail app, configuring it to use fraudulent accounts, and then driving it via the phone.
Yahoo likely has less robust challenging/outbound filtering on the android API calls, due to less overall abuse, and general difficulties of handling those on a real phone.
Seems the Android bitches here have forgotten Occam's Razor.
I'm surprised that working for Microsoft you can't spot real or fake malware, after all no one has more experience of viruses/malware than Microsoft.
Just drop it man, your reputation is now in tatters.
Could I hear your take on the HTTP usage in the yahoo app?
I'm seeing people use it to attach your story but I'd like to hear it from your point of view.