A quick follow up on my previous post about spam from an Android botnet, there are a few things I need to point out:
- Sophos discovered the same thing on their Naked Security blog:
The messages appear to originate from compromised Google Android smartphones or tablets. All of the samples at SophosLabs have been sent through Yahoo!’s free mail service and contain correct headers and SPF signatures.
This is the same evidence that I found.
It is likely that Android users are downloading Trojanized pirated copies of paid Android applications. The samples we analyzed originated in Argentina, Ukraine, Pakistan, Jordan and Russia.
- The BBC picked up the story and got some comments from Graham Cluley of Sophos where he says:
- In comments of various blogs a lot of people have suggested that these headers are spoofed, or there was a botnet connecting to Yahoo Mail from a Windows PC and sent mail that way. Yes, it’s entirely possible that bot on a compromised PC connected to Yahoo Mail, inserted the the message-ID thus overriding Yahoo’s own Message-IDs and added the “Yahoo Mail for Android” tagline at the bottom of the message all in an elaborate deception to make it look like the spam was coming from Android devices.
On the other hand, the other possibility is that Android malware has become much more prevalent and because of its ubiquity, there is sufficient motivation for spammers to abuse the platform. The reason these messages appear to come from Android devices is because they did come from Android devices.
Before writing my previous post, I considered both options but selected the latter.
Security expert Graham Cluley, from anti-virus firm Sophos, said it was highly likely the attacks originated from Android devices, given all available information, but this could not be proven.
This was the first time smartphones had been exploited in this way, he said. "We’ve seen it done experimentally to prove that it’s possible by researchers, but not done by the bad guys," he told the BBC. "We are seeing a lot of activity from cybercriminals on the Android platform.
Those are the things I wanted to add.