android logo Google denies Microsofts Android spam botnet claim

Google has denied claims by Microsoft about the existence of an Android spam botnet, but security firms are not so sure.

Google has denied claims by Microsoft about the existence of an Android spam botnet, but security firms are not so sure.

 
Terry Zink, security engineer for Microsoft, blogged earlier this week about a possible threat, citing Android-specific email addresses and a “Sent from Yahoo! Mail on Android” note at the bottom of the message.
 
Google said its investigation of the issue shows that Android has not been compromised and that spammers operating from PCs are simply formatting their emails to make them look like they originate from Android smartphones, a tactic designed to help them evade spam filters. Google said there was no evidence of an Android botnet.
 
 Google denies Microsofts Android spam botnet claim
 
Google is not the only one questioning Microsoft's claims. Kevin Mahaffey, head of security firm Lookout, said that his company had found security issues with the Yahoo! Mail app and had advised Yahoo of the problem, suggesting there might be a threat, but that it is related to a third-party app and not Android itself.
 
However, Chester Wisniewski, senior security advisor at Sophos, said that there was some evidence that the spam came from smartphones. He said that Sophos could not see that the formatting had been faked, and some things, such as email addresses owned to mobile operators, could not be altered.
 
Zink has since admitted that it is possible that the messages were sent from PCs, with key elements faked to give the illusion of coming from smartphones, but that he believes it more likely that malware on Android has become more prevalent, that this is motivating spammers to abuse the platform, and that therefore the spam is being sent from an Android botnet.
 
Source: BBC
Image Credit: Tom-b