Google denies Android botnet spam claims
Published Jul 6 2012, 12:18 BST | By Andrew Laughlin
Google has denied claims that handsets running its Android mobile operating system have been infected with a virus that causes them to generate spam messages.
On Tuesday (July 3), Microsoft researcher Terry Zink claimed to have found evidence that Android phones were being used in a botnet, a virus attack that typically affects PCs by making them churn out junk mail.
But in a statement, Google said that there was no evidence to support claims that Android phones had been compromised.
Zink said that he had found spam messages coming from Yahoo Mail servers, all containing the following message-ID: <1341147286.19774.androidMobile@web140302.mail.bf1.yahoo.com>
He said that the messages were sent from Android devices, suggesting the first evidence that the phones could be used for a botnet.
"I've written in the past that Android has the most malware compared to other smartphone platforms, but your odds of downloading and installing a malicious Android app is pretty low if you get it from the Android Marketplace," said Zink in a blog post. "But if you get it from some guy in a back alley on the Internet, the odds go way up."
The researcher feels that affected users may have downloaded a malicious Android app, or acquired a rogue Yahoo mail app, providing a new concern for the web security industry.
"This ups the ante for spam filters. If people download malicious apps onto their phone that capture keystrokes for their email software, it makes it way easier for spammers to send abusive mail," he warned. "This is the next evolution in the cat-and-mouse game that is email security."
The Sophos security firm also discovered the spam and reported the outbreak on its Naked Security blog.
Sophos said: "The messages appear to originate from compromised Google Android smartphones or tablets. All of the samples at SophosLabs have been sent through Yahoo!'s free mail service and contain correct headers and SPF signatures."
However, search giant Google told BBC News that the junk messages actually originated from PCs, but the spammers had formatted them to appear as though they came from Android smartphones.
"Our analysis suggests that spammers are using infected computers and a fake mobile signature to try to bypass anti-spam mechanisms in the email platform they're using," said Google.
Google feels that this approach gives junk mail a better chance to get past spam filters and reach people's inboxes.
Lookout, the mobile security specialists, also doubted Zink's claims.
In a blog post, the firm's boss Ken Mahaffey said that while it cannot completely rule out an Android botnet, it appears more likely that the malware originated from the Yahoo Mail Android app.
"In order for the botnet explanation to be valid, each of the originating devices would have to be infected with mobile malware. While this is certainly a possibility (and one that we can't refute), there is another explanation that we believe is significantly more likely," he wrote.
"Regardless of how this spam campaign works, it was clear from initial reports that the Yahoo! Mail Android app may play a key role.
"After taking a detailed look at the app, we've found a number of issues that have potentially broader implications for all Android users of Yahoo! Mail. In the interest of responsible disclosure, we cannot at this time provide details around such vulnerabilities.
"We've reached out to Yahoo! with this information and they have acknowledged that their mobile team is actively working on these issues."
Zink later posted a follow-up blog post, in which he admitted that it was not possible at this stage to prove that Android phones had been used in a botnet.
However, he warned that the quantity of malware on Android, the biggest mobile OS in the world, was on the increase.
"Android malware has become much more prevalent and because of its ubiquity, there is sufficient motivation for spammers to abuse the platform," he said.
"The reason these messages appear to come from Android devices is because they did come from Android devices." (his italics)