An international botnet could be using infected Android handsets to send out massive amounts of spam, Microsoft antispam engineer Terry Zink said in a Thursday blog posts on MSDN.
Zink reportedly identified the botnet and its Google Android connection by examining the headers of spam that included the signature “Sent from Yahoo! Mail on Android.” An analysis of IP addresses suggested the Android smartphones were being used throughout the world including in Chile, Indonesia, Lebanon, Oman, the Philippines, Russia, Saudi Arabia, Thailand, the Ukraine and Venezuela.
The spam includes offers to buy products such as prescription drugs. In other words, usual spam but from an unlikely source — namely, mobile handsets. However, Zink’s research is being met with some skepticism.
“I currently can’t confirm — or deny — the existence of this supposed Android botnet,” said Roel Schouwenberg, senior malware researcher at Kaspersky Lab. “The mentioned blog post doesn’t provide any actual proof of its existence. The evidence put forward to claim that this is an Android botnet is based on data which is easily spoofed or forged.”
Microsoft and Google did not respond to our requests to comment for this story.
Same Spam, New Platform
Creating malware for Android, itself based on open source code, really wouldn’t be any more challenging than creating malware for a PC.
“I wouldn’t think it would be hugely different if the purpose is to disseminate spam or launch a DoS attack,” Charles King, principal analyst at Pund-It, told LinuxInsider. “The main thing would be to keep the malicious code lightweight enough that it wouldn’t impact the system too severely — and thus alert the user that something hinky is going on.”
Despite this fact, Android isn’t really any more susceptible than any other OS at this point, King added.
“Earlier on, Google came in for numerous complaints about the company not thoroughly policing apps in the Android Market, but the company seems to have cleaned up its act,” he noted. “From what I’ve read, the assumption is that the botnet is being disseminated by people who are downloading hacked or cracked apps to avoid user fees. If that’s the case, it’s another prime example of there being no such thing as a free lunch.”
Targeting Developing Markets
Considering how cheap Android apps are today, why would anyone want to take the risk of infecting their handset?
“An overabundance of dumbassitude would be my guess,” quipped King.
This would likely be true in the developed world, where an app for US$1 is a bargain. However, in the developing world, users may be looking to saving every penny and therefore might take more risks.
“Users don’t go looking for rogue apps. That’s not the way this threat works,” said telecommunications analyst Jeff Kagan. “We will see more mobile botnets the same way we see more viruses and malware.”
Many apps likely appear normal but do their dirty work behind the scenes, suggested Kagan. “Otherwise, users would take them off as quickly as they put them on — and that is the problem. It can spread widely, and no one knows where it came from or where it is located.”
Only to Get Worse
The problem will likely only get worse. Hackers already target widely used operating systems, which is why the PC has been a prime target. As it gains market share, Google’s Android will likely attract hackers who put the OS in the crosshairs.
“This is a natural next step in the battleground we are all on every single day,” said Kagan. “Unfortunately, it’s just part of the process. Apps are a perfect way to deliver malware.”
Fortunately, where there are problems, there are solutions.
“Protection will be the next step,” emphasized Kagan. “Just like we install antivirus software on our laptops, we’ll install protection against this new threat on our smartphones and tablets.”