Google disputes Android botnet spam claim
- 6 July 2012
- From the section Technology
Google has disputed claims that many Android phones have been infected with a virus that makes them churn out spam.
On 4 July, Microsoft researcher Terry Zink claimed to have discovered evidence of Android phones being enrolled into a botnet.
Botnets typically use infected PCs as spam generators but Mr Zink said he found evidence that Android smartphones were being used in the same way.
In a statement, Google said there was no evidence to support Mr Zink's claim.
The search giant's investigation suggested the junk messages originated on PCs but the spammers sending them formatted them to look like they came from Android smartphones.
"Our analysis suggests that spammers are using infected computers and a fake mobile signature to try to bypass anti-spam mechanisms in the email platform they're using," said Google.
By taking this step, said Google, the junk mail would have a better chance of defeating spam filters and ensure that messages reached inboxes.
If the spam were coming from a botnet made up of Android phones, it would be the first ever.
Mobile security specialist Lookout also questioned Mr Zink's initial claim. In a blogpost , head of the firm Kevin Mahaffey said it was possible that the spam was originating from lots of Android phones infected with a malicious program.
However, he said, Lookout's investigation had also uncovered some serious issues with the Yahoo mail app for Android that suggested it was a risk for all users of it. Lookout had told Yahoo about the problems which were now being worked on.
In a follow-up to his original post , Mr Zink agreed that it was not proven that Android phones had been compromised.
He added that it was "entirely possible" that the spammers had faked the message formatting to make it look like it originated on a phone.
However, he added, there was no doubt that the number of malicious programs written for Android was on the increase. Given that he said: "The reason these messages appear to come from Android devices is because they did come from Android devices."
Chester Wisniewski, senior security advisor at Sophos, also posted more information about the case . He said that although Sophos did not have a sample of the malware sending the spam in question there was evidence to suggest it came from smartphones.
Sophos could find no hint that the formatting on the messages was faked, he said, and some elements of what it had seen would be impossible to spoof.
In addition, he said, much of the spam was coming from net addresses owned by mobile operators.