Microsoft Security Firm Backtracks On Android Malware Claim as Google Calls them Out

Discussion in 'Android News' started by dgstorm, Jul 6, 2012.

  1. dgstorm

    dgstorm Editor in Chief
    Staff Member Premium Member

    Dec 30, 2010
    Austin, TX

    Last week, Microsoft's Frontline online security company claimed that they found evidence of a botnet spammer security hole on Android devices. They pointed out that there was a spam operation using Yahoo!'s webmail service and claimed that it was coming from an Android device. The spam was using the message ID and included the line "Sent from Yahoo! Mail on Android." Terry Zink, program manager for Microsoft Forefront online security, said, "All of these messages are sent from Android devices. We've all heard the rumors, but this is the first time I have seen it – a spammer has control of a botnet that lives on Android devices. These devices log in to the user's Yahoo Mail account and send spam."

    Google called Microsoft out on this one. They said, "The evidence we've examined does not support the Android botnet claim. Our analysis so far suggests that spammers are using infected computers and a fake mobile signature to try to bypass anti-spam mechanisms in the email platform they're using. We're continuing to investigate the details."

    Since then, Microsoft and other security companies that jumped on this bandwagon backtracked from their initial statements. Here's a quote with a few more details,

    So, basically some security firms sponsored by Microsoft pounced on an opportunity to slam Android when they jumped to a conclusion without investigating the facts first. In fact, it was really poor logic on their part to begin with. Here's another quote from a separate security company backing up Google's assertion,

    Hmmm... it seems like Microsoft was trying to raise a ruckus over nothing. Share your thoughts.

    Thanks for the tip, furbearingmammal!

    Source: TheRegister and Wall Street Journal
  2. WildcatRudy

    WildcatRudy Active Member

    Aug 15, 2010
    Near the lake in SCS, MI
    Current Phone Model:
    Pixel XL
    This is ludicrous. ANY security expert should know that 1) email addresses are always forged in spam, and 2) never to trust anything written in the body of an email message when it's from a spammer. Yet, they believed this email address was valid: 1341147286.19774.androidMobile @ . Anyone can inject that into a from: header in email. And because it had an email signature of "Sent from Yahoo! Mail on Android" they think it was actually true?? Did they bother to see which IP addresses the mail passed through (such as, which mail server it actually came from)?

    I don't even know if the Android OS on phones is capable of running an SMTP server. I know that even on home Internet providers (DSL or cable), they tend to block outbound SMTP ports so that spammers cannot use accounts to spam, and also help stem the flow of bots that might set up a rogue SMTP server on an unsuspecting computer. I have a feeling SMTP services may be blocked by all the wireless carriers. I know someone could possibly hijack a Gmail or Yahoo mail client on one's phone (IOW, taking over control of the Gmail or Yahoo mail apps), so that could be one option a spammer could use, provided they could find a way to get their code onto the phone.

    Would anyone perhaps think this might be jumping the gun, and not perhaps coincidental with Windows 8 phones launching soon?
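
The check the post above asks for, as an added example that is not part of the thread: it separates the strings that merely claim "Android" from the connecting IPs recorded in Received headers by relays you trust. The message, host names, IP addresses and the `trusted` set are constructed for illustration; only the Message-ID local part is taken from the post.

```python
import re
from email import message_from_string

# Constructed sample, not a message from the incident. Hosts and IPs are
# documentation placeholders; the Message-ID domain is made up.
RAW = """\
Received: from webmail.example.net (webmail.example.net [198.51.100.7])
\tby mx.example.org with ESMTP; Tue, 03 Jul 2012 10:00:05 +0000
Received: from [203.0.113.45] by webmail.example.net via HTTP;
\tTue, 03 Jul 2012 10:00:01 +0000
Message-ID: <1341147286.19774.androidMobile@webmail.example.net>
From: someone@example.net
To: recipient@example.org
Subject: hello

Constructed spam body.

Sent from Yahoo! Mail on Android
"""
MSG = message_from_string(RAW)
HOP = re.compile(r"from\s+(.*?)\s+by\s+(\S+)")
IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def device_claims(msg):
    """Markers that only assert 'Android'; none proves the sending device."""
    claims = []
    if "androidmobile" in (msg.get("Message-ID") or "").lower():
        claims.append("message-id")
    if "sent from yahoo! mail on android" in msg.get_payload().lower():
        claims.append("signature")
    return claims

def relay_hops(msg):
    """(recording host, connecting IP) per Received header, newest first."""
    hops = []
    for raw in msg.get_all("Received", []):
        m = HOP.search(" ".join(raw.split()))  # unfold continuation lines
        if m:
            ip = IP.search(m.group(1))
            hops.append((m.group(2), ip.group(1) if ip else None))
    return hops

def origin_ip(msg, trusted):
    """IP handed to the deepest relay in the unbroken trusted chain."""
    origin = None
    for host, ip in relay_hops(msg):
        if host not in trusted:
            break  # anything below this line could have been forged
        origin = ip
    return origin
```

With only the recipient's own MX in `trusted`, the result is the provider's outbound host; the client IP in the lower hop counts as evidence only for someone who trusts the relay that recorded it.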

  3. Droid-Xer

    Droid-Xer Super Moderator
    Premium Member

    Nov 24, 2010
    El Paso, TX
    When you're on top, everyone looks to take you down. Good on Google for calling them out!