Yesterday, we told you how a Microsoft anti-spam engineer claimed to have found a network of Android devices designed to send spam. Today, it looks like that report might have just been an educated guess. While the emails do indeed say "Sent from Yahoo! Mail on Android," Google says its own analysis points a different direction. "The evidence does not support the Android botnet claim," the company wrote in a statement. "Our analysis suggests that spammers are using infected computers and a fake mobile signature to bypass anti-spam mechanisms in the email platform they're using."
More importantly, the security researchers who initially outed the botnet are now admitting that they actually don't know for sure. Terry Zink, the Microsoft researcher who originally wrote the report, now says that he considered that the messages could have been spoofed, but decided that it simply made more sense for them to have come from Android. Chet Wisniewski, a Sophos security advisor who suggested that users should install Sophos Mobile Security to avoid being infected by an app that could send this kind of spam, told The Wall Street Journal that "we don't know for sure that it's coming from Android devices."
Yahoo told The Register that it's investigating the issue.
There's still a definite possibility that this is indeed an Android botnet of some sort, and both researchers claim the evidence points that direction, but we're far less certain than we were before, and a little less trusting, too.