Google denies Android malware charges, researchers backtrack
Google (NASDAQ:GOOG) is denying claims that a botnet has infected smartphones running its Android mobile operating system, prompting the security researchers who first reported the problem to admit they may have erred.
Earlier this week, researchers from security firm Sophos and Google rival Microsoft (NASDAQ:MSFT) each published blog posts asserting that some Android devices had fallen victim to a botnet that generated spam emails from the Yahoo Mail app. "A spammer has control of a botnet that lives on Android devices," wrote Microsoft engineer Terry Zink. "These devices login to the user's Yahoo Mail account and send spam."
Google disputes the findings. "The evidence we've examined does not support the Android botnet claim," a Google spokesperson told The Wall Street Journal via email. "Our analysis so far suggests that spammers are using infected computers and a fake mobile signature to try to bypass anti-spam mechanisms in the email platform they're using. We're continuing to investigate the details."
Sophos Senior Security Advisor Charles Wisniewski told the WSJ that he is rechecking his findings. He maintained that the spam identified by Yahoo Mail differs from normal email spam patterns but acknowledged, "We don't know for sure that it's coming from Android devices."
Zink also published a follow-up blog entry stating "It's entirely possible that bot on a compromised PC connected to Yahoo Mail, inserted the message-ID thus overriding Yahoo's own Message-IDs and added the 'Yahoo Mail for Android' tagline at the bottom of the message all in an elaborate deception to make it look like the spam was coming from Android devices. On the other hand, the other possibility is that Android malware has become much more prevalent and because of its ubiquity, there is sufficient motivation for spammers to abuse the platform. The reason these messages appear to come from Android devices is because they did come from Android devices."
Alex Stamos, CTO of security firm Artemis Internet, told the WSJ he'd never encountered spam from a mobile app and said it "makes no sense" for spammers to target the mobile platform, explaining they prefer to attack devices that "allow them to send messages quickly." Stamos added that spammers also prefer to alter Internet Protocol addresses, "which is very hard [to do] on a mobile network," and said "If Google says that this spam was using a faked signature, then I think that's likely."
Android malware increased 155 percent from 2010 to 2011, according to a Juniper Networks report issued in May. Critics maintain Google has failed to sufficiently police its Google Play storefront, making it easy for attackers to distribute malware via Android applications.