Android smartphones 'used for botnet', researchers say

Spam sent from Google Android Android devices are believed to be sending out spam messages similar to this example

Related Stories

Smartphones running Google's Android software have been hijacked by an illegal botnet, according to a Microsoft researcher.

Botnets are large illegal networks of infected machines - usually desktop or laptop computers - typically used to send out masses of spam email.

Researcher Terry Zink said there was evidence of spam being sent from Yahoo mail servers by Android devices.

Microsoft's own platform, Windows Phone, is a key competitor to Android.

The Google platform has suffered from several high-profile issues with malware affected apps in recent months.

The official store - Google Play - has had issues with fake apps, often pirated free versions of popular paid products like Angry Birds Space or Fruit Ninja.

This latest discovery has been seen as a change of direction for attackers.

"We've all heard the rumours," Mr Zink wrote in a blog post.

"But this is the first time I have seen it - a spammer has control of a botnet that lives on Android devices.

"These devices login to the user's Yahoo Mail account and send spam."

Bad guys

He said analysis of the IP addresses used to send the email revealed the spam had originated from Android devices being used in Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela.

As is typical, the spam email looks to tempt people into buying products like prescription drugs.

Security expert Graham Cluley, from anti-virus firm Sophos, said it was highly likely the attacks originated from Android devices, given all available information, but this could not be proven.

This was the first time smartphones had been exploited in this way, he said.

"We've seen it done experimentally to prove that it's possible by researchers, but not done by the bad guys," he told the BBC.

"We are seeing a lot of activity from cybercriminals on the Android platform.

"The best thing you can do right now is upgrade your operating system, if that's possible.

"And before you install apps onto your device, look at the reviews, because there are many bogus apps out there."

Google told the BBC it did not respond to queries about specific apps but was working to improve security on the Android platform.

"We are committed to providing a secure experience for consumers in Google Play, and in fact our data shows between the first and second halves of 2011, we saw a 40% decrease in the number of potentially malicious downloads from Google Play," a spokesman said.

"Last year we also introduced a new service into Google Play that provides automated scanning for potentially malicious software without disrupting the user experience or requiring developers to go through an application approval process."

More on This Story

Related Stories

More Technology stories

RSS

Features

  • Baby being handed overFraught world

    The legal confusion over UK surrogate births


  • Bad resultsBlame game

    The best excuses to use when exam results don't make the grade


  • Welsh flagDragon's den

    Why Wales will make its own mind up on independence


  • Police respond to a shooting in Santa MonicaTrigger decision

    What really happens before a police officer fires his gun?


  • Child injured by what activists say were two air strikes in the north-eastern Damascus suburb of Douma (3 August 2014)'No-one cares'

    Hope fades for Syrians one year after chemical attack


BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.