Microsoft Security Firm Backtracks On Android Malware Claim as Google Calls them Out

[dgstorm]

Last week, Microsoft's Frontline online security company claimed that they found evidence of a botnet spammer security hole on Android devices. They pointed out that there was a spam operation using Yahoo!'s webmail service and claimed that it was coming from an Android device. The spam was using the message ID [email protected] and includes the line "Sent from Yahoo! Mail on Android." Terry Zink, program manager for Microsoft Forefront online security said, "All of these message are sent from Android devices," he said. "We’ve all heard the rumors, but this is the first time I have seen it – a spammer has control of a botnet that lives on Android devices. These devices login to the user's Yahoo Mail account and send spam."

Google called Microsoft out on this one. They said, "The evidence we’ve examined does not support the Android botnet claim. Our analysis so far suggests that spammers are using infected computers and a fake mobile signature to try to bypass anti-spam mechanisms in the email platform they’re using. We’re continuing to investigate the details.”

Since then, Microsoft and other security companies that jumped on this bandwagon backtracked from their initial statements. Here's a quote with a few more details,

Chester Wisniewski, senior security adviser at Sophos, said he is rechecking his findings after Google and some other security researchers disputed findings of an Android “botnet,” or a cluster of computers hijacked by hackers.

In an interview Thursday, Mr. Wisniewski said that the spam he identified generated by Yahoo’s free Web-based email service was different than normal patterns of email spam but “we don’t know for sure that it’s coming from Android devices.”

On Thursday, Mr. Zink stated in a follow-up post that he also didn’t know for sure that Android devices had been compromised. “Yes, it’s entirely possible that bot on a compromised PC connected to Yahoo Mail” and insert the “Yahoo Mail for Android” tagline at the bottom of the spam messages “to make it look like the spam was coming from Android devices,” he wrote.

So, basically some security firms sponsored by Microsoft pounced on an opportunity to slam Android when they jumped to a conclusion without investigating the facts first. In fact, it was really poor logic on their part to begin with. Here's another quote from a separate security company backing up Google's assertion,

Alex Stamos, chief technology officer of Web-security firm Artemis Internet, said he’d never seen spam from a mobile app and said it “makes no sense” to do so for several reasons, including that “spammers like” to use devices that that “allow them to send messages quickly” and they like the ability to change the Internet Protocol address–the label assigned to a computer logged on to the Internet—“which is very hard [to do] on a mobile network.”

Mr. Stamos added: “If Google says that this spam was using a faked signature, then I think that’s likely.”

Hmmm... it seems like Microsoft was trying to raise a ruckus over nothing. Share your thoughts.

Thanks for the tip, furbearingmammal!

Source: TheRegister and Wall Street Journal

 

[WildcatRudy]

This is ludicrous. ANY security expert should know that 1) email addresses are always forged in spam, and 2) never to trust anything written in the body of an email message when it's from a spammer. Yet, they believed this email address was valid: 1341147286.19774.androidMobile @ web140302.mail.bf1.yahoo.com . Anyone can inject that into a from: header in email. And because it had an email signature of "Sent from Yahoo! Mail on Android" they think it was actually true?? Did they bother to see which IP addresses the mail passed through (such as, which mail server is actually came from)?

I don't even know if the Android OS on phones is capable of running an SMTP server. I know that even on home Internet providers (DSL or cable), they tend to block outbound SMTP ports so that spammers cannot use accounts to spam, and also help stem the flow of bots that might set up a rogue SMTP server on an unsuspecting computer. I have a feeling SMTP services may be blocked by all the wireless carriers. I know someone could possibly hijack a Gmail or Yahoo mail client on one's phone (IOW, taking over control of the Gmail or Yahoo mail apps), so that could be one options a spammer could use, provided they could find a way to get their code onto the phone.

Would anyone perhaps think this might be jumping the gun, and not perhaps coincidental with Windows 8 phones launching soon?

 

[Droid-Xer]

When you're on top, everyone looks to take you down. Good on Google for calling them out!