Researcher uncovers Android phone 'botnet', defends finding


Android on staff... SAP and Samsung's alliance may accelerate corporate adoption. Photo: Matthew Bayard

Malware has been spreading on Android mobile phones that takes control of certain email accounts to create a "botnet" - or a compromised device - to send out spam, a security researcher said this week.

Microsoft security engineer Terry Zink said the malware has infected the phones of users of Yahoo email accounts to send out spam messages.

"We've all heard the rumors, but this is the first time I have seen it - a spammer has control of a botnet [program] that lives on Android devices," Zink said in a blog post Tuesday.

"These devices login to the user's Yahoo Mail account and send spam."

He said the phones appear to be located in Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela.

"I've written in the past that Android has the most malware compared to other smartphone platforms, but your odds of downloading and installing a malicious Android app is pretty low if you get it from the Android Marketplace," he said.

"But if you get it from some guy in a back alley on the internet, the odds go way up."

He added that users in the developed world "usually have better security practices and fewer malware infections than users in the developing world".

"I am betting that the users of those phones downloaded some malicious Android app in order to avoid paying for a legitimate version and they got more than they bargained for," Zink said.

"Either that or they acquired a rogue Yahoo Mail app."

A report earlier this year by the security firm AV-Test found that some Android-powered phones downloaded malicious code after installation, and said this was more common in the Google Android system than in the Apple ecosystem, which has stricter security policies.

Google has a security system known as Bouncer to scan for malware but some experts recommend additional protection for phones using the platform.

UPDATE: Following publication of this story on various websites, Zink published another post in which he said the spam "did come from Android devices".

He said he wrote the original post with the most recent Trend Micro ThreatLab data in mind. The data showed the number of malicious Android apps doubled from 10,000 to 20,000 in just one month in the last quarter.

"Because of its ubiquity, there is sufficient motivation for spammers to abuse the platform. The reason these messages appear to come from Android devices is because they did come from Android devices," he wrote.

AFP


28 comments

  • This doesn't start off sounding fishy at all: “a Microsoft researcher”. No, MS has nothing to gain by making Android look bad. And then this gem: “Security expert Graham Cluley, from anti-virus firm Sophos, said it was highly likely the attacks originated from Android devices, given all available information, BUT THIS COULD NOT BE PROVEN.” Wait, what? It hasn't been proven to come from Android phones? REALLY? And then we learn even if it is happening, it's people in the third world SIDE LOADING PIRATED APPS. So as usual it's not an Android security flaw but a bunch of morons who may or may not have installed a supposed malware which came as a payload on sideloaded pirated software. LOL

    Commenter
    mattviator
    Date and time
    July 06, 2012, 12:56AM
    • Right. No software found. No evidence. What's that about?

      No comment from AVAST or others who offer an Android malware checker. Isn't that fishy? Wouldn't you ask them first? Who is running this show anyway?

      Commenter
      Max Digest
      Date and time
      July 06, 2012, 10:34AM
    • If an Apple iPhone user was posting this comment you just made, Matt, they would be crucified by all you Droids out there!

      "Oooh, look at moi, moi, I have an Android, I can customise it and get any apps I want from anywhere I want..."

      iPhones are not vulnerable to this sort of malware because everything has to go through the App Store approval process.

      Commenter
      Paul
      Date and time
      July 06, 2012, 12:31PM
    • You are right if it is not proven then why assume and why attack.

      But your definition of 3rd world is a little wrong.

      The design of android is what would lead to the side loaded pirated apps being considered OK. Even the android 'grass-roots' (astro-turfed) marketing against Apple is an encouragement to not accept rules.

      Google's astro-turfed argument against Apple is that Apple makes you buy from the App Store. Android does not limit you to their marketplace. So then you have the 'back-alley' stores distributing malware.

      Mind you they are wrong about Apple, you can install Web Apps on your iPhone from anywhere on the internet, but it is much harder to make a malicious web app than an iOS native app.

      Encouraging open and uncontrolled software installs is the likely source of this supposed issue.

      Encouraging Jail-breaking on iPhones is exactly the same, it is an encouragement to break any security so you can install any software no matter how 'genuine' or safe.

      Commenter
      Richardw
      Date and time
      July 06, 2012, 2:39PM
  • When the "Microsoft security engineer" says "if you get it from some guy in a back alley on the internet, the odds go way up." it sounds like he is a 14 year old. Or he thinks we are 14 years old.

    Why is the Fairfax press publishing Microsoft speculation against Android?

    Commenter
    Frank MacGill
    Location
    Queensland
    Date and time
    July 06, 2012, 1:04AM
    • Might have jumped the gun on this one.

      The researchers in question are now admitting they don't know the source, and that it may have been that the messages were spoofed.

      Better update your article. There are updates on The Verge and the WSJ now.

      Commenter
      Andrew
      Location
      Sydney
      Date and time
      July 06, 2012, 12:45PM
    • Yes, it is a little strange considering their close ties with Apple. Unless they plan to switch camps?

      Commenter
      Wseguy
      Location
      Sydney
      Date and time
      July 06, 2012, 8:49PM
  • Google-Android's Bouncer sounds like Android devices are seedy-sleazy locations like pubs-clubs- strip joints. Like all seedy-sleazy places, it attracts the less desirable characters like malware..... No wonder there are so many malware for Android platform.

    Commenter
    JJ
    Location
    Hornsby
    Date and time
    July 06, 2012, 7:25AM
    • Totally agree with first 2 comments. It makes it sound like MS is free from viruses and it's virtually impossible to not download something from a dark alley that will also hurt your Windows machine. Any software will have a dark alley quotient.

      Commenter
      Bippo
      Date and time
      July 06, 2012, 8:00AM
      • "A Microsoft Engineer".. Yes, it is because Microsoft's own Windows Phones have an average of 3% market compared to 52% of Androids in the world. Microsoft is saying this to certainly try and damage a level of reputation.

        Furthermore, which platform does 98% of the malware exist on? (Desktop) Windows.. People in glass houses shouldn't throw stones.

        Commenter
        Benny
        Location
        Sydney
        Date and time
        July 06, 2012, 8:10AM
