Security Researchers Backtrack on Android Malware Claim
July 5, 2012, 7:02 PM
By Amir Efrati and Shira Ovide
blogs.wsj.com
 BloombergInternet security researchers say they may have been mistaken about claims that mobile devices powered by Googles Android operating system were hacked and used to send spam emails.
Internet security researchers said Thursday they may have been mistaken about claims that mobile devices powered by Google Inc.’s Android operating system were hacked and used to send spam emails.
The researchers from security company Sophos Ltd. and Google rival Microsoft Corp. each had written blog posts in recent days identifying what they said were incidents of Android devices being used to generate spam emails from Yahoo Mail’s app. A “spammer has control of a botnet that lives on Android devices,” Microsoft engineer Terry Zink wrote in a blog post Tuesday.
Chester Wisniewski, senior security adviser at Sophos, said he is rechecking his findings after Google and some other security researchers disputed findings of an Android “botnet,” or a cluster of computers hijacked by hackers.
In an interview Thursday, Mr. Wisniewski said that the spam he identified generated by Yahoo’s free Web-based email service was different than normal patterns of email spam but “we don’t know for sure that it’s coming from Android devices.”
On Thursday, Mr. Zink stated in a follow-up post that he also didn’t know for sure that Android devices had been compromised. “Yes, it’s entirely possible that bot on a compromised PC connected to Yahoo Mail” and insert the “Yahoo Mail for Android” tagline at the bottom of the spam messages “to make it look like the spam was coming from Android devices,” he wrote.
A Google spokesman earlier Thursday issued a statement disputing Mr. Zink’s claim of spam generated from Android phones: “The evidence we’ve examined does not support the Android botnet claim. Our analysis so far suggests that spammers are using infected computers and a fake mobile signature to try to bypass anti-spam mechanisms in the email platform they’re using. We’re continuing to investigate the details.”
Alex Stamos, chief technology officer of Web-security firm Artemis Internet, said he’d never seen spam from a mobile app and said it “makes no sense” to do so for several reasons, including that “spammers like” to use devices that that “allow them to send messages quickly” and they like the ability to change the Internet Protocol address–the label assigned to a computer logged on to the Internet—“which is very hard [to do] on a mobile network.”
Mr. Stamos added: “If Google says that this spam was using a faked signature, then I think that’s likely.” |
