Google is disputing statements from researchers at Microsoft and
Sophos who this week warned that Android devices were sending spam
through compromised Yahoo Mail accounts. In response, both now say they
are further investigating their earlier claims.
The idea of an
international Android botnet leveraging the mobile operating system was
first publicized earlier this week by Microsoft engineer Terry Zink in a blog post.
He believed a new type of malware was accessing Yahoo Mail accounts on
Android devices to send spam messages. He also determined from the
originating IP addresses that the spam was coming from Asia, Eastern
Europe, South America and the Middle East.
Chester Wisniewski, a Sophos Canada senior security engineer, also posted about the malware. "The messages appear to originate from compromised Google
Android smartphones or tablets. All of the samples at SophosLabs have
been sent through Yahoo!'s free mail service and contain correct headers
and DKIM signatures," he wrote. He believed Android users became
infected by downloading pirated copies of paid Android apps that
contained the Trojan.
As media outlets and bloggers began reporting on the
Android botnet, Google issued a statement saying evidence did not
support the researchers' findings. "Our analysis suggests that spammers
are using infected computers and a fake mobile signature to try to
bypass anti-spam mechanisms in the email platform they're using," the
company said.
This led Zink to admit that the spam headers could
have been spoofed so that they appeared to come from Android devices
instead of a more conventional source. Or not.
"Yes, it’s entirely
possible that bot on a compromised PC connected to Yahoo Mail, inserted
the the [sic] message-ID thus overriding Yahoo’s own Message-IDs and
added the 'Yahoo Mail for Android' tagline at the bottom of the message
all in an elaborate deception to make it look like the spam was coming
from Android devices," he wrote.
"On
the other hand, the other possibility is that Android malware has
become much more prevalent and because of its ubiquity, there is
sufficient motivation for spammers to abuse the platform. The reason
these messages appear to come from Android devices is because they did
come from Android devices."
Similarly, Sophos' Wisniewski told The Wall Street Journal
today he is rechecking his findings to confirm whether the spam uses a
faked signature or is actually coming from Android devices.
Google said in its statement that it also is continuing to investigate the details.
Courtesy of Anne Saita, @threatpost