Technology content trusted in North America and globally since 1999
8,422 Reviews & Articles | 64,499 News Posts

Spam being sent from a botnet composed of Android devices

Spam is now coming from a botnet that lives on Android devices in developing countries

By Trace Hagan from Jul 4, 2012 @ 16:06 CDT

Spam e-mail is nothing new. Most users have figured out ways to combat it either through the use of spam boxes or spam blockers on the e-mail servers themselves. This spam is traditionally sent out via compromised computers that have been pulled together into a botnet. The botnet can be ordered to do whatever nefarious activities its commander wants.


With Windows becoming more secure, however, it has been harder for hackers to gain these computers for botnets. Terry Zink of Terry Zink's Cyber Security Blog on the MSDN noticed something interesting about the spam he has been receiving lately. At the bottom of the message it says "Sent from Yahoo! Mail on Android."

Furthermore, he examined the headers of the e-mail and found "Message-ID: 1341147286.19774.androidMobile(at)" I'm sure you can see where this is going. A spammer somewhere has a botnet that lives on Android devices, much like the rumors we've all heard. What's even more interesting is where these devices are located.

Yahoo places the IP of the device in the header so Terry Zink took a gander at where these IPs were located on the globe. The IPs come from Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela. The majority of these countries are developing countries and Zink has an explanation:

I've also written that users in the developed world usually have better security practices and fewer malware infections than users in the developing world. Where are almost all of those countries in the list above? Mostly in the developing world.

I am betting that the users of those phones downloaded some malicious Android app in order to avoid paying for a legitimate version and they got more than they bargained for. Either that or they acquired a rogue Yahoo Mail app.

This just goes to show that smartphones are pocket-sized computers. It has been said time and time again, but this may finally prove to users once and for all: if it is connected to the internet, it is vulnerable. The only safe device is one that isn't connected to a PUBLIC network which the Internet is. Remember readers, install anti-virus on all of your Internet-connected devices!


Related Tags