Saturday, April 13, 2013

Android Malware Botnet Claims Doubted as Researchers Review Evidence


Initial reports earlier this week of a new Android malware botnet could now be erroneous, according to follow-up interviews with the security researchers who made the original claims.


Two Internet security researchers who recently reported their findings of an Android botnet that pushes spam to users' Yahoo email accounts now say they might have jumped the gun.
In an update from The Wall Street Journal, the two researchers aren't as sure that their original claims about the alleged Android malware and botnet are correct.
"Chester Wisniewski, senior security adviser at Sophos, said he is rechecking his findings after Google and some other security researchers disputed findings of an Android 'botnet,' or a cluster of computers hijacked by hackers," The Journal reported in its Digits blog. "In an interview Thursday, Mr. Wisniewski said that the spam he identified generated by Yahoo’s free Web-based email service was different than normal patterns of email spam but 'we don’t know for sure that it’s coming from Android devices.'"
The other security researcher, Microsoft engineer Terry Zink, also backtracked on his original report about the alleged Android malware, stating in a follow-up post "that he also didn’t know for sure that Android devices had been compromised," according to The Journal. "'Yes, it’s entirely possible that bot on a compromised PC connected to Yahoo Mail' and inserted the 'Yahoo Mail for Android' tagline at the bottom of the spam messages 'to make it look like the spam was coming from Android devices,' he wrote."
Google, which owns and develops the Android mobile operating system, has continued to deny the researchers' claims since the first reports were released. “The evidence we’ve examined does not support the Android botnet claim," the company said in a statement through a spokesman. "Our analysis so far suggests that spammers are using infected computers and a fake mobile signature to try to bypass anti-spam mechanisms in the email platform they’re using. We’re continuing to investigate the details.”
The original reports from the two security researchers stated that the alleged malware would get into a user's smartphone through a rogue app, which then used users’ Yahoo free email accounts to send out spam, according to an earlier story on eWEEK.com. "Microsoft engineer Terry Zink said he found spam samples coming from compromised Yahoo email accounts, but then noted that they were being sent from Android mobile devices."
“We’ve all heard the rumors, but this is the first time I have seen it—a spammer has control of a botnet that lives on Android devices,” Zink originally wrote in a blog post July 3. “These devices log in to the user’s Yahoo Mail account and send spam. … The messages all come from Yahoo Mail servers. They are all from compromised Yahoo accounts. They are sending all stock spam, the typical pump and dump variety that we’ve seen for years.”
Now, though, there are questions about the validity of those initial claims in this case.