Microsoft engineer eyeballs Android botnet

Jul 04, 2012 by Nancy Owano

(Phys.org) -- A Microsoft engineer has spotted a botnet that targets Yahoo! Mail users on Android devices. Terry Zink, who also writes an Internet security blog, said he has evidence of a botnet running on Android devices: the devices log into Yahoo! Mail accounts and send spam through Yahoo! Mail servers. Zink, embarking on a tracking expedition, reported that all the messages, which came from compromised Yahoo! accounts and were sent through Yahoo! Mail servers, seemed to finish with a “Sent from Yahoo! Mail on Android” signature.

Zink was able to look up where the IPs were located: Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela.

Zink’s theory is that the users of those phones had downloaded a malicious app in order to avoid paying for a legitimate version, but got more than they expected. “Either that or they acquired a rogue Mail app,” he said.

A botnet is a large number of compromised computers used to generate spam and spread viruses. The spam samples he examined from compromised Yahoo accounts all had the Message-ID:
Message-ID: 1341147286.19774.androidMobile@web140302.mail.bf1.yahoo.com

He also said they all had the same message at the bottom of their spam: “Sent from Yahoo! Mail on Android.”
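The two markers described above can be checked mechanically when triaging a mailbox of reported spam. The following is an added example, not code from the article or from Zink's blog: it tests a raw message for a Message-ID of the quoted shape and for the signature as the last non-empty body line. The function names, the regular expression and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string

# Shape of the Message-ID quoted in the article:
#   <digits>.<digits>.androidMobile@<host>.yahoo.com
# Anchored at both ends so a look-alike host suffix does not match.
MSGID_RE = re.compile(
    r"^<?\d+\.\d+\.androidMobile@(?P<host>[A-Za-z0-9.-]+\.yahoo\.com)>?$"
)
SIGNATURE = "Sent from Yahoo! Mail on Android"

def plain_text(msg):
    """Return the first text/plain part of a parsed message as a string."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True) or b""
            return data.decode(part.get_content_charset() or "utf-8", "replace")
    return ""

def fingerprint(raw):
    """Report which of the two markers described in the article a message has."""
    msg = message_from_string(raw)
    m = MSGID_RE.match((msg["Message-ID"] or "").strip())
    lines = [ln.strip() for ln in plain_text(msg).splitlines() if ln.strip()]
    return {
        "android_msgid": m is not None,
        "msgid_host": m.group("host") if m else None,
        "android_signature": bool(lines) and lines[-1] == SIGNATURE,
    }

def sample(msgid, body):
    # Constructed message for illustration, not a captured spam sample.
    return f"From: a@example.com\nSubject: test\nMessage-ID: {msgid}\n\n{body}\n"

SAMPLES = {
    "article_pattern": sample(
        "<1341147286.19774.androidMobile@web140302.mail.bf1.yahoo.com>",
        "Constructed body text.\n\n" + SIGNATURE),
    "lookalike_host": sample(
        "<1.2.androidMobile@web1.mail.yahoo.com.example.net>",
        "Constructed body text.\n\n" + SIGNATURE),
    "signature_only": sample("<abc123@mail.example.org>", SIGNATURE),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, fingerprint(raw))
```

A message that carries only the signature line is reported separately from one that carries both markers, since the signature is ordinary body text and the Message-ID is a header.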

Android malware is a well-known fact of digital life, and last year security firms like McAfee spoke about sharp rises in Android malware. One reason given for Android’s vulnerability is that the platform simply provides, like Windows, a big marketplace and in turn serves as a big target for intruders. Like other security bloggers who advise users to stick to trusted application stores and avoid unknown sources for apps, Zink said, “Your odds of downloading and installing a malicious Android app is pretty low if you get it from the Android Marketplace. But if you get it from some guy in a back alley on the Internet, the odds go way up.”

Those minimizing the July 3 posting perhaps would not want to recall the news release one day earlier, on July 2, where Trend Micro said Android malware levels were rising at an alarming rate. In the first three months of the year the team identified 5,000 malicious applications designed to infect Android phones, a number which spiked more than fourfold over subsequent months. “Consumers need to use care when downloading and installing apps and should be considering installing antimalware on their mobile devices,” said the release.

Last month, the Defense Advanced Research Projects Agency (DARPA) awarded a $21.4 million contract to security firm Invincea to build secure Android devices for the U.S. Army. The contract focus is to be protection of the devices against cyber-threats.

More information: blogs.msdn.com/b/tzink/archive… -android-botnet.aspx

User comments : 2

frajo
3 / 5 (2) Jul 05, 2012
Funny.
For 20 years no article about malware dared mention the Windows OS needed for that classic malware. Now the first Android malware is in the wild and is pronto mentioned in the press which is lucky to cite from msdn.com, a truly independent site.

No, thanks.

Nattydread
not rated yet Jul 05, 2012
Funny indeed that Microsoft points it out! Oh the irony!