A quick follow up on my previous post about spam from an Android botnet, there are a few things I need to point out:
Security expert Graham Cluley, from anti-virus firm Sophos, said it was highly likely the attacks originated from Android devices, given all available information, but this could not be proven. That’s true.
This was the first time smartphones had been exploited in this way, he said. "We've seen it done experimentally to prove that it's possible by researchers, but not done by the bad guys," he told the BBC. "We are seeing a lot of activity from cybercriminals on the Android platform.
Those are the things I wanted to add.
Thanks for writing this update, Terry Zink. It is likely, but not proven that Android devices (or rather, Android apps running on Android devices) are the cause. Since it hasn't been proven though, a follow-up to your July 3 post was a good idea!
A few more things to keep in mind:
1) Google is not available for comment as offices are closed from July 4 through July 6. Once open again, I would expect a response.
2) Trend Micro's detailed report advises users
"to be aware that Android is an open ecosystem where the level of vetting of applications before they are allowed on Google Play is minimal, therefore the site carries more risk than the more tightly controlled Apple App Store."
That is a suggestion, a sensible one, but not an indictment. Better yet, here's the link to the July 2 report
3) An argument against a bot net connecting to Yahoo! mail, header spoofing and so on: I am fairly confident that Yahoo! monitors outbound email for spam. Wouldn't Yahoo! have caught this sort of activity if it was sent out directly from Yahoo! mail servers?
> Wouldn't Yahoo! have caught this sort of activity if it was sent out
> directly from Yahoo! mail servers?
Yahoo does monitor outbound spam, but this is a cat-and-mouse game. All the major webmail providers continually monitor their traffic but spammers are forever compromising accounts, all the time trying to stay one step ahead.
To support your previous post, have you tried to send mail from an Android device through Yahoo Mail, and verified that the mail had the same features you pointed out in the post?
The Yahoo! mail app on android has exactly these features.
I do not understand the criticism against Android for allowing users to install apps from third party sources. Windows OS allows the same and faces a massive malware problem. Why is it ok for a Desktop OS to be open but mobile OS to be closed? Are you trying to say that Windows OS should get locked down as well like Windows Phone platform?
@Just One Question: I'm not saying that Google is either right or wrong with their model. Microsoft (and Apple) have chosen a closed model, while Google has chosen an open model. Both have their advantages, and both have their drawbacks.
I've written in the past about what Android threats look like:
And I have written how Google combats abuse of their platform:
They put in a lot of hard work and effort to ensure that their users stay protected. However, malware writers are also hard at work, trying to take advantage of this consumer shift away from PCs to phones and tablets.
Well you just look like a complete fool... well done. I'm not sure you have sufficiently explained why you chose the latter option rather than thinking that the emails might simply be using spoofed headers.
If you were aware that this is a possibility, why not actually investigate this? I don't see the slightest hint of proof that these messages were coming from any mobile devices, nor any effort to even try to gather proof. This is some straight up mud-slinging, and what little reputation you may have had is surely suffering for it.
Great fud camppaing from MS. usless "researcher" claiming without knowing.
Nice FUD campaign, Microsofties! LOL, LOL, LOL
Fail on Elops, Ballmers, et al.
The problem is that you are looking for a specific cause because of your employer, therefore we need to take your claims with a pinch of salt.
Nice viral marketing for windows phone.
"On the other hand, the other possibility is that Android malware has become much more prevalent and because of its ubiquity, there is sufficient motivation for spammers to abuse the platform. The reason these messages appear to come from Android devices is because they did come from Android devices."
Sure, it's at least a reasonable hypothesis. You did however make the following statement:
"All of these message are sent from Android devices. We’ve all heard the rumors, but this is the first time I have seen it – a spammer has control of a botnet that lives on Android devices."
So how did you get from the possibility to the definitive statement that they definitely came from Android devices and that you'd discovered a botnet?
(Hope this doesn't double-post)
Wow! I am certainly no friend of Microsoft - in every company I've worked in I attack them mercilessly almost every day (I'm the "Anti-Microsoft guy"). Terry Zink is absolutely NOT a MS apologist! Read this blog and you will see that he is one of the most balanced and technology neutral bloggers you will come across (and also a legend btw!). I frequently ask myself why his bosses don't reprimand him for not towing the line more!
Doesn't MS have enough problems of their own they should be spending time researching and fixing.
Well, you guys certainly would know what a freakin' botnet look like, right?