Compromised Yahoo accounts have recently been used by a botnet to send out spam. In this case it’s not a ‘regular ol’ botnet’ living on zombie computers, but one operating out of Android-powered smartphones.
A blogger on the Microsoft blogs named tzink noted this recently, with a lot of commenters posting about the same happening to them. The originating countries can be traced from the IP addresses used: Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine and Venezuela.
All of these messages are sent from Android devices. We’ve all heard the rumors, but this is the first time I have seen it – a spammer has control of a botnet that lives on Android devices. These devices log in to the user’s Yahoo Mail account and send spam.
Apparently, citizens of the developing world are less strict about security on their smartphones. In this case tzink suspects that malicious software disguised as a free app is part of the botnet.
However, one commenter thinks it’s just the malicious Android app itself signing up for new Yahoo accounts, and not using existing Yahoo email accounts:
With all of the samples I’ve seen, the Yahoo! email address follows the same format (FirstnameLastname followed by 2 numeric characters @yahoo.com). This would suggest it is simply a botnet which has circumvented the Yahoo! Android sign-up API to create new accounts rather than those being people’s actual email addresses.
Spam filters will have a tougher time distinguishing good email from bad email if these emails are being sent from/by normally legitimate Yahoo email accounts. They should be able to filter by content though, as tzink notes that the spam message content
Email spam volume has been dropping in recent times, but this jump into the smartphone arena by a botnet makes it clear that we’re not yet finished with the spam game.
Remember, there’s always a way to handle spam: don’t forget to read ‘Help, I’ve received spam from $company! What to do now?‘
Update 1: according to a post on The Verge, Google denies that Android smartphones have been compromised and a botnet is sending out the emails.
From the end of that article:
There’s still a definite possibility that this is indeed an Android botnet of some sort, and both researchers claim the evidence points that direction, but we’re far less certain than we were before, and a little less trusting, too.
The spam was supposedly sent using a spoofed mobile email signature, bypassing spam filters. Because of that mobile email signature, the messages are/were considered to be coming from Android smartphones, but that is now uncertain.