Spam being sent from a botnet composed of Android devices

Spam is now coming from a botnet that lives on Android devices in developing countries.

Published Wed, Jul 4 2012 4:06 PM CDT   |   Updated Tue, Nov 3 2020 12:28 PM CST

Spam e-mail is nothing new. Most users have figured out ways to combat it either through the use of spam boxes or spam blockers on the e-mail servers themselves. This spam is traditionally sent out via compromised computers that have been pulled together into a botnet. The botnet can be ordered to do whatever nefarious activities its commander wants.

Spam being sent from a botnet composed of Android devices |

With Windows becoming more secure, however, it has been harder for hackers to gain these computers for botnets. Terry Zink of Terry Zink's Cyber Security Blog on the MSDN noticed something interesting about the spam he has been receiving lately. At the bottom of the message it says "Sent from Yahoo! Mail on Android."

Furthermore, he examined the headers of the e-mail and found "Message-ID: 1341147286.19774.androidMobile(at)" I'm sure you can see where this is going. A spammer somewhere has a botnet that lives on Android devices, much like the rumors we've all heard. What's even more interesting is where these devices are located.

Yahoo places the IP of the device in the header so Terry Zink took a gander at where these IPs were located on the globe. The IPs come from Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela. The majority of these countries are developing countries and Zink has an explanation:

I've also written that users in the developed world usually have better security practices and fewer malware infections than users in the developing world. Where are almost all of those countries in the list above? Mostly in the developing world.

I am betting that the users of those phones downloaded some malicious Android app in order to avoid paying for a legitimate version and they got more than they bargained for. Either that or they acquired a rogue Yahoo Mail app.

This just goes to show that smartphones are pocket-sized computers. It has been said time and time again, but this may finally prove to users once and for all: if it is connected to the internet, it is vulnerable. The only safe device is one that isn't connected to a PUBLIC network which the Internet is. Remember readers, install anti-virus on all of your Internet-connected devices!


Trace is a starving college student studying Computer Science. He has a love of the English language and an addiction for new technology and speculation. When he's not writing, studying, or going to class, he can be found on the soccer pitch, both playing and coaching, or on the mountain snowboarding.

Newsletter Subscription

Related Tags

Newsletter Subscription
Latest News
View More News
Latest Reviews
View More Reviews
Latest Articles
View More Articles