Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Engineer Discovers Android Spam Botnet, Google Denies Claim

Posted by samzenpus on from the yes-you-did-no-we-didn't dept.

An anonymous reader writes "Microsoft engineer Terry Zink has discovered Android devices are being used to send spam. He has identified an international Android botnet and outlined the details on his MSDN blog. A closer look at the e-mails' header information shows all the messages come from compromised Yahoo accounts. Furthermore, they are also stamped with the 'Sent from Yahoo! Mail on Android' signature. Google has denied the allegations. 'The evidence does not support the Android botnet claim,' a Google spokesperson said in a statement. 'Our analysis suggests that spammers are using infected computers and a fake mobile signature to try to bypass anti-spam mechanisms in the email platform they're using.'"

6 of 152 comments (clear)

  1. Engineer is backtracking by John3 · · Score: 5, Informative

    There is a follow-up blog post where Zink backtracks a bit and admits the headers could be forged.

    "In comments of various blogs a lot of people have suggested that these headers are spoofed, or there was a botnet connecting to Yahoo Mail from a Windows PC and sent mail that way. Yes, it’s entirely possible that bot on a compromised PC connected to Yahoo Mail, inserted the the message-ID thus overriding Yahoo’s own Message-IDs and added the “Yahoo Mail for Android” tagline at the bottom of the message all in an elaborate deception to make it look like the spam was coming from Android devices."

    --
    "We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
  2. Re:A Microsoft engineer? by Megor1 · · Score: 4, Informative

    He is a Program manager so, great journalism zdnet

    --
    Everyone that disagrees with me is a paid shill
  3. Re:Just link to the ACTUAL blog entry by John3 · · Score: 5, Informative

    Here's the original blog entry.

    --
    "We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
  4. Re:Why not? by AmberBlackCat · · Score: 5, Informative

    (most users just click yes to anything)

    On Android, you have to. Your only options are accept everything or you don't get the app.

  5. Re:Why not? by Anonymous Coward · · Score: 4, Informative

    I've posted this before, but here we go again. There are quite a few options for fine-grained permission control on Android. My top 3:

    1) Cyanogenmod includes permission management. You'll have to flash it on your device, but it's not hard. http://www.cyanogenmod.com/
    2) PDroid - requires a patched kernel http://www.xda-developers.com/android/pdroid-the-better-privacy-protection/
    3) LBE Privacy guard - requires root https://play.google.com/store/apps/details?id=com.lbe.security.lite

  6. Re:Why not? by Anonymous Coward · · Score: 5, Informative

    To be clear, Cyanogenmod 7 contains permission management. This feature was dropped in Cyanogenmod 9.