Google disputes Android botnet spam claim

  • Published
Android robot, Getty
Image caption,

Google has said the spam only looks like it is coming from Android phones

Google has disputed claims that many Android phones have been infected with a virus that makes them churn out spam.

<link> <caption>On 4 July, Microsoft researcher Terry Zink claimed</caption> <url href="http://blogs.msdn.com/b/tzink/archive/2012/07/05/10326639.aspx" platform="highweb"/> </link> to have discovered evidence of Android phones being enrolled into a botnet.

Botnets typically use infected PCs as spam generators but Mr Zink said he found evidence that Android smartphones were being used in the same way.

In a statement, Google said there was no evidence to support Mr Zink's claim.

The search giant's investigation suggested the junk messages originated on PCs but the spammers sending them formatted them to look like they came from Android smartphones.

"Our analysis suggests that spammers are using infected computers and a fake mobile signature to try to bypass anti-spam mechanisms in the email platform they're using," said Google.

By taking this step, said Google, the junk mail would have a better chance of defeating spam filters and ensure that messages reached inboxes.

If the spam were coming from a botnet made up of Android phones, it would be the first ever.

Mobile security specialist Lookout also questioned Mr Zink's initial claim. <link> <caption>In a blogpost</caption> <url href="http://blog.mylookout.com/blog/2012/07/05/our-thoughts-on-the-android-spam-botnet/" platform="highweb"/> </link> , head of the firm Kevin Mahaffey said it was possible that the spam was originating from lots of Android phones infected with a malicious program.

However, he said, Lookout's investigation had also uncovered some serious issues with the Yahoo mail app for Android that suggested it was a risk for all users of it. Lookout had told Yahoo about the problems which were now being worked on.

Address origin

<link> <caption>In a follow-up to his original post</caption> <url href="http://blogs.msdn.com/b/tzink/archive/2012/07/05/a-bit-more-on-that-spam-from-an-android-botnet.aspx" platform="highweb"/> </link> , Mr Zink agreed that it was not proven that Android phones had been compromised.

He added that it was "entirely possible" that the spammers had faked the message formatting to make it look like it originated on a phone.

However, he added, there was no doubt that the number of malicious programs written for Android was on the increase. Given that he said: "The reason these messages appear to come from Android devices is because <italic>they did</italic> come from Android devices."

Chester Wisniewski, senior security advisor at Sophos, <link> <caption>also posted more information about the case</caption> <url href="http://nakedsecurity.sophos.com/2012/07/06/android-spam-bots-what-we-know-for-sure/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29&utm_content=Netvibes" platform="highweb"/> </link> . He said that although Sophos did not have a sample of the malware sending the spam in question there was evidence to suggest it came from smartphones.

Sophos could find no hint that the formatting on the messages was faked, he said, and some elements of what it had seen would be impossible to spoof.

In addition, he said, much of the spam was coming from net addresses owned by mobile operators.

Related internet links

The BBC is not responsible for the content of external sites.