Pages

Thursday, July 5, 2012

Microsoft engineer discovers Android spam botnet

Microsoft engineer Terry Zink has discovered Android devices are being employed to send spam. He has identified a global Android botnet and printed the main points on his MSDN blog.

Android malware is on the increase. There are several pretend versions of Android apps (see links below) that try and benefit by sending expensive SMS messages. this is often completely different.
In this case, the money is being generated once spam e-mails are sent from Yahoo Mail servers on Android devices. a better check up on the e-mails' header data shows all the messages come back from compromised Yahoo accounts. Furthermore, they're conjointly stamped with the "Sent from Yahoo! Mail on Android" signature.
As such, Zink believes a cybercriminal has developed a replacement piece of malware which will access Yahoo Mail accounts on Android devices and send spam messages from them. Since this is often happening on an outsized scale, it follows the perpetrator has conjointly linked the Android devices along to make a spam botnet, a method typically used when attempting to monetize spam; it's all regarding volume, volume, volume.

Since Yahoo provides the originating IP address for the e-mails, Zink was ready to list the countries from where the spam is being sent: Asia, jap Europe, the center East, and South America. a lot of specifically, the e-mails Zink got his hands on came from Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela.
Most of those countries are within the developing world, and therefore the Microsoft engineer argues that users doubtless tried to download pirated versions of apps to avoid paying. Alternatively, they were tricked into downloading a pretend version of the Yahoo Mail app. Either way, it's unlikely they used the official Google Play store.

Android enables you to download and install apps from anywhere. Please solely install apps from Google Play unless you're fully sure you recognize who wrote the software you would like to put in. Fighting malware is not just the responsibility of security firms: you'll facilitate by being good regarding what you put in.