Cyber security experts from Microsoft have spotted real-world examples of spam email sent not from a dedicated spam server but from Android phones. The spam is the run-of-the-mill type trying to sell fake Rolex watches and other items (which can’t be mentioned in polite conversation), and its existence implies that the spammers have control of an Android-based botnet. A botnet is a group of private resources (traditionally desktop PCs or servers) which have been infected with malware. Once a device is infected, the spammers can control it and use it to send spam emails. This way they don’t consume their own resources in sending the spam, and they manage to send it from IP addresses all over the world.
Each of the spam emails has the text “Sent from Yahoo! Mail on Android” at the bottom and a further look at the email message headers confirms that they are being sent via Yahoo! Mail. According to Terry Zink from Microsoft, “We’ve all heard the rumors, but this is the first time I have seen it – a spammer has control of a botnet that lives on Android devices. These devices login to the user’s Yahoo Mail account and send spam.”
Since Yahoo! puts the IP address of the sending device in the message headers, Zink was able to look them up and determine the location of the devices. Unsurprisingly, the countries involved are Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela.
So what do these locations have in common? Basically, the users in these countries don’t use trusted app stores like Google Play or the Amazon Appstore; instead they use unsupervised stores where cyber criminals can easily submit infected apps. These infected apps are often modified versions of popular apps (including Angry Birds and Instagram) or paid-for apps which are offered for free. The downloader thinks they are getting a premium app for nothing, but in fact they are infecting their phone with malware. As Terry Zink put it, “your odds of downloading and installing a malicious Android app is pretty low if you get it from the Android Marketplace. But if you get it from some guy in a back alley on the Internet, the odds go way up.”
As always – be careful what you download and from where you download it!
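The header check described above can be scripted for a mailbox triage. This is an added example, not code from the article or from Microsoft; the `X-Originating-IP` header name, the relay hostnames and all sample messages are assumptions constructed for illustration.

```python
import email
import ipaddress
import re
from email import policy

SIGNATURE = "Sent from Yahoo! Mail on Android"  # footer quoted in the article
# Assumption: the client IP appears in X-Originating-IP or as a bracketed
# address on a Received line; the article does not name the header.
BRACKETED_IP = re.compile(r"\[([0-9A-Fa-f:.]+)\]")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def sender_ip(msg):
    """Return the first non-internal IP from the assumed headers, or None."""
    found = [v.strip().strip("[]") for v in msg.get_all("X-Originating-IP", [])]
    # Each hop prepends its Received line, so the last one is nearest the sender.
    found += [ip for v in reversed(msg.get_all("Received", []))
              for ip in BRACKETED_IP.findall(v)]
    for text in found:
        try:
            ip = ipaddress.ip_address(text)
        except ValueError:
            continue  # bracketed token that is not an IP literal
        if not any(ip in net for net in INTERNAL):
            return str(ip)
    return None

def triage(raw_messages):  # count footer-bearing, Yahoo-relayed mail per sender IP
    hits = {}
    for raw in raw_messages:
        msg = email.message_from_string(raw, policy=policy.default)
        body = msg.get_body(("plain",))
        text = body.get_content() if body else ""
        via_yahoo = any("yahoo.com" in r.lower() for r in msg.get_all("Received", []))
        ip = sender_ip(msg)
        if SIGNATURE in text and via_yahoo and ip:
            hits[ip] = hits.get(ip, 0) + 1
    return hits

def make_sample(ip, relay, footer):  # constructed test message, not real mail
    return (f"Received: from [{ip}] by {relay} via HTTP\nX-Originating-IP: [{ip}]\n"
            f"Subject: constructed sample\n\nCheap watches here\n{footer}\n")

SAMPLES = [make_sample(*row) for row in (
    ("203.0.113.7", "web1.mail.yahoo.com", SIGNATURE),
    ("203.0.113.7", "web2.mail.yahoo.com", SIGNATURE),
    ("198.51.100.23", "web1.mail.yahoo.com", SIGNATURE),
    ("192.0.2.44", "mx.example.net", SIGNATURE),       # footer but no Yahoo hop
    ("192.0.2.45", "web1.mail.yahoo.com", "Regards"),  # Yahoo hop but no footer
)]
```

Only `Received` lines added by relays you trust are reliable; anything below them in the header block can be forged by the sender, so treat the extracted address as a lead to confirm, not as proof.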
looks like someone’s android smartphone is sending me spam emails from Yahoo! Mail on Android app!
the mail can be traced to “126.96.36.199” which apparently comes from a spammy neighborhood in Kazakhstan!
the ip itself was detected to be infected with a spam sending trojan at
2012-07-09 16:00 GMT, approximately 20 hours ago, according to major
hidden within the mail is this content:
“It is more
dangerous that you think in this country.”humility, he said, “we should
not die.” I made the captain a although I had a very scanty allowance,
being too great for a”
the text is a reference to the books “Dracula Bram Stoker” and “Gulliver’s Travels”!
Anyone play? Angry gran toss