Android-Based Spam Attack: A Smartphone Botnet In Action?


A purported botnet is targeting Android-based smartphones as a means of delivering spam. The exploit leverages the Yahoo mail accounts of the phones’ owners, and it is believed by some to be the first time that malware authors have managed to assemble an army of Android phones for the delivery of spam.

This development was first reported on Tuesday by security blogger Terry Zink, who wrote that the botnet is producing “the typical pump and dump variety that we’ve seen for years.”

In each case, the messages are reported to contain the message ID "1341147286.19774.androidMobile@web140302.mail.bf1.yahoo.com" and to state, at the bottom of the message, that they were sent from Yahoo Mail on Android.


Zink also reports that the IP addresses in the headers point to sources located in Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine and Venezuela.
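The header indicators described above can be checked mechanically during mail triage. The following is an added example, not code from the article or from Zink's report: the sample message is constructed (only the Message-ID comes from the article, the IP is from a documentation range), and it assumes the originating address appears as a bracketed literal in the earliest Received header.

```python
import re
from email import message_from_string

# Constructed sample. Only the Message-ID value is taken from the article;
# the IP is from the RFC 5737 documentation range.
SAMPLE = """\
Received: from [203.0.113.45] by web140302.mail.bf1.yahoo.com via HTTP; Sun, 01 Jul 2012 05:54:46 PDT
Message-ID: <1341147286.19774.androidMobile@web140302.mail.bf1.yahoo.com>
From: someone@yahoo.com
To: recipient@example.org
Subject: stock tip
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

Buy now.

Sent from Yahoo Mail on Android
"""

# The two markers the article describes, plus a bracketed IPv4 literal.
MSGID_RE = re.compile(r"<\d+\.\d+\.androidMobile@[\w.-]+\.yahoo\.com>", re.I)
FOOTER_RE = re.compile(r"^Sent from Yahoo!? Mail on Android\s*$", re.I | re.M)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def triage(raw):
    """Report the Android markers and the earliest-hop IP of one message."""
    msg = message_from_string(raw)
    body = "" if msg.is_multipart() else msg.get_payload()
    # Received headers are prepended per hop, so the last one is the
    # earliest hop, i.e. the one closest to the submitting client.
    received = msg.get_all("Received", [])
    ips = IP_RE.findall(received[-1]) if received else []
    return {
        "msgid_marker": bool(MSGID_RE.search(msg.get("Message-ID", ""))),
        "footer_marker": bool(FOOTER_RE.search(body)),
        "origin_ip": ips[0] if ips else None,
    }


if __name__ == "__main__":
    # Both markers are text written by the sending client, so a match is a
    # lead to correlate with origin_ip, not proof of the sending device.
    print(triage(SAMPLE))
```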

“PCs have been used by botnets for a long time, and because Android is prone to malicious apps from unauthorized sites in particular, they are able to spread malware using these malicious applications over Android,” said Neil Roiter, research director at Hudson, Mass.-based Corero Network Security. “Android doesn't fully vet and certify all the applications before they go on their site, which is one reason why this is happening. But in defense of Android and Google, they are doing a much better job now of scanning their marketplace for malicious applications. The problem is that you also have these non-authorized sites throughout the world, and Google has no control over those because it's an open platform through which people can design apps and post them wherever they want.”

Roiter recommends that people only acquire applications through the authorized Android market, particularly those that have high numbers of downloads. He also acknowledged that people often visit unauthorized sites looking for a wider range of applications in their own languages. “So there are probably a lot of legitimate applications on those sites, as well as some nasty ones,” he said.

In response, Google issued a statement to media outlets saying the source of the problem is more likely to stem from infected computers with fake mobile signatures rather than an actual botnet of zombie Android smartphones.

Others are not so sure.

“Androids are the least secure smartphone platform,” said Andrew Plato, president and chief technical architect at Beaverton, Ore.-based Anitian Enterprise Security. “It doesn’t have encryption and other controls, so it’s relatively hackable. I’m actually surprised it took this long to happen.”

PUBLISHED JULY 5, 2012