Android spam botnet revealed by Microsoft engineer

A Microsoft anti-spam engineer has identified an international botnet controlling Android devices, using them to send spam on an industrial scale. Writing on his MSDN blog, Terry Zink describes how he analyzed the headers of spam samples containing the signature “Sent from Yahoo! Mail on Android,” tracing them to a number of locations in the Middle East, Asia and Eastern Europe. “I am betting that the users of those phones downloaded some malicious Android app in order to avoid paying for a legitimate version and they got more than they bargained for,” writes Zink. “Either that or they acquired a rogue Yahoo Mail app.”

This is not the first time that Android malware has been caught connecting to a botnet — back in February, researchers discovered a malicious application that infected mostly Chinese phones running Gingerbread, gaining root access and then calling premium rate phone numbers to generate revenue for its creators. The month before, Symantec identified multiple publishers offering infected apps in the official Android Market, now known as Google Play. With any luck, this latest attack will catch the attention of the recently-launched Android Malware Genome Project, aiding their efforts to combat malicious software on the platform.

Update: Google has now disputed Terry Zink’s blog post, issuing a statement declaring that “evidence does not support the Android botnet claim.” According to Google’s own researchers, “spammers are using infected computers and a fake mobile signature to bypass anti-spam mechanisms in the email platform they’re using.”