Freigeben über

A bit more on that spam from an Android botnet

  • Artikel

A quick follow up on my previous post about spam from an Android botnet, there are a few things I need to point out:

  • Sophos discovered the same thing on their Naked Security blog:

    The messages appear to originate from compromised Google Android smartphones or tablets. All of the samples at SophosLabs have been sent through Yahoo!'s free mail service and contain correct headers and SPF signatures.
    This is the same evidence that I found.

    It is likely that Android users are downloading Trojanized pirated copies of paid Android applications. The samples we analyzed originated in Argentina, Ukraine, Pakistan, Jordan and Russia.

  • The BBC picked up the story and got some comments from Graham Cluley of Sophos where he says:

    Security expert Graham Cluley, from anti-virus firm Sophos, said it was highly likely the attacks originated from Android devices, given all available information, but this could not be proven.
    That’s true.

    This was the first time smartphones had been exploited in this way, he said. "We've seen it done experimentally to prove that it's possible by researchers, but not done by the bad guys," he told the BBC. "We are seeing a lot of activity from cybercriminals on the Android platform.

  • In comments of various blogs a lot of people have suggested that these headers are spoofed, or there was a botnet connecting to Yahoo Mail from a Windows PC and sent mail that way.  Yes, it’s entirely possible that bot on a compromised PC connected to Yahoo Mail, inserted the the message-ID thus overriding Yahoo’s own Message-IDs and added the “Yahoo Mail for Android” tagline at the bottom of the message all in an elaborate deception to make it look like the spam was coming from Android devices.

    On the other hand, the other possibility is that Android malware has become much more prevalent and because of its ubiquity, there is sufficient motivation for spammers to abuse the platform. The reason these messages appear to come from Android devices is because they did come from Android devices.

    Before writing my previous post, I considered both options but selected the latter.

Those are the things I wanted to add.

Comments

  • Anonymous
    July 05, 2012
    The comment has been removed

  • Anonymous
    July 05, 2012
    > Wouldn't Yahoo! have caught this sort of activity if it was sent out > directly from Yahoo! mail servers? Yahoo does monitor outbound spam, but this is a cat-and-mouse game. All the major webmail providers continually monitor their traffic but spammers are forever compromising accounts, all the time trying to stay one step ahead.

  • Anonymous
    July 05, 2012
    To support your previous post, have you tried to send mail from an Android device through Yahoo Mail, and verified that the mail had the same features you pointed out in the post?

  • Anonymous
    July 05, 2012
    @Chih-Cherng The Yahoo! mail app on android has exactly these features.

  • Anonymous
    July 05, 2012
    I do not understand the criticism against Android for allowing users to install apps from third party sources. Windows OS allows the same and faces a massive malware problem. Why is it ok for a Desktop OS to be open but mobile OS to be closed? Are you trying to say that Windows OS should get locked down as well like Windows Phone platform?

  • Anonymous
    July 05, 2012
    The comment has been removed

  • Anonymous
    July 05, 2012
    Well you just look like a complete fool... well done. I'm not sure you have sufficiently explained why you chose the latter option rather than thinking that the emails might simply be using spoofed headers. If you were aware that this is a possibility, why not actually investigate this? I don't see the slightest hint of proof that these messages were coming from any mobile devices, nor any effort to even try to gather proof. This is some straight up mud-slinging, and what little reputation you may have had is surely suffering for it.

  • Anonymous
    July 05, 2012
    Great fud camppaing from MS. usless "researcher" claiming without knowing.

  • Anonymous
    July 05, 2012
    Nice FUD campaign, Microsofties! LOL, LOL, LOL Fail on Elops, Ballmers, et al.

  • Anonymous
    July 05, 2012
    The problem is that you are looking for a specific cause because of your employer, therefore we need to take your claims with a pinch of salt.

  • Anonymous
    July 05, 2012
    Nice viral marketing for windows phone.

  • Anonymous
    July 05, 2012
    The comment has been removed

  • Anonymous
    July 05, 2012
    The comment has been removed

  • Anonymous
    July 05, 2012
    Doesn't MS have enough problems of their own they should be spending time researching and fixing.

  • Anonymous
    July 05, 2012
    The comment has been removed

  • Anonymous
    July 06, 2012
    The comment has been removed

  • Anonymous
    July 06, 2012
    The comment has been removed

  • Anonymous
    July 08, 2012
    I'm surprised that working for Microsoft you can't spot real or fake malware, after all no one has more experience of viruses/malware than Microsoft. Just drop it man, your reputation is now in tatters.

  • Anonymous
    July 09, 2012
    Could I hear your take on the HTTP usage in the yahoo app? I'm seeing people use it to attach your story but I'd like to hear it from your point of view. Thanks, Derry