Google Blasts Credibility of Microsoft's Android Botnet Story; Says It's Just As Likely Spam was Spoofed And Came From Windows PCs
dailytech.com
Jason Mick (Blog) - July 6, 2012 11:58 AM
dailytech.com
Google says it's just as likely spam was spoofed and came from Windows PCs
Microsoft Corp. ( MSFT) spam researcher Terry Zink played provocateur when he published a blog indicating he had discovering a thriving Android botnet, which appeared to be driven by app piracy in the developing world. The evidence he presented was a series of emails with distinctive signatures -- both email header information, and the text signature in the body -- indicating they had originating on an Android device.
Google Inc. ( GOOG) has responded by pointing the finger back at Microsoft, suggesting that the headers and signature were likely spoofed to look as if they came from Android. Comments Google, "The evidence does not support the Android botnet claim. Our analysis suggests that spammers are using infected computers and a fake mobile signature to bypass anti-spam mechanisms in the email platform they're using."
Android has relatively robust anti-spam guards, so even if the device was infected with malware, Google says it would be difficult to exploit it for spamming purposes.
Spoofing is a time honored technique used by hackers to obfuscate IP requests, email headers, and phone numbers. [Image Soource: PC1 News]
As the text signature implicated Yahoo! Mail, the post also raised awkward questions for that company. Yahoo! Inc. ( YHOO) says that it is investigating the report to see if its email client is being abused. As with the Android aspect, it's again possible that the header and body were merely spoofed to look like they came from the Yahoo! Mail client on Android, typically a relatively trustworthy source.
Header spoofing is a common, technique used by computer criminals. As an email's header information and text are easily manipulated (or "engineered" in hacker terms), malicious user can change messages' headers to serve the dual purpose of disguising their true origin and to build trust by making it look as if it originated from a legitimate source.
Terry Zink, the researcher who published the original report, has since backtracked in the comments section of his post, acknowledging that spoofing was a possibility, but commenting that it merely seemed more likely that an Android botnet was causing the spam onslaught. He did not, however, provide any additional evidence of how he came to that conclusion.
Source: The Register |
