Google disputes claims of Android-based botnet

Last week, a Microsoft engineer claimed in a blog post that he had found evidence of a botnet that was using malware installed on Android-based devices. Now Android creator Google is disputing those claims, saying that the malware in question actually came from infected PCs.

The BBC reports that, according to a statement from Google, "Our analysis suggests that spammers are using infected computers and a fake mobile signature to try to bypass anti-spam mechanisms in the email platform they're using." Google added that, by its reasoning, spammers might take this approach to get past spam filters that might not block an email that appears to come from an Android smartphone or tablet.

Meanwhile, Terry Zink, the Microsoft team member who came up with the Android botnet theory, wrote a follow-up post on his blog. He admitted that it was "entirely possible" that the email addresses he had discovered were spoofed and made to look like they came from an Android product. He added:

On the other hand, the other possibility is that Android malware has become much more prevalent and because of its ubiquity, there is sufficient motivation for spammers to abuse the platform. The reason these messages appear to come from Android devices is because they did come from Android devices. Before writing my previous post, I considered both options but selected the latter.

There is also a link in Zink's blog to an earlier BBC story, which quotes Graham Cluley, from the software security firm Sophos. He states, "We've seen it done experimentally to prove that it's possible by researchers, but not done by the bad guys. We are seeing a lot of activity from cybercriminals on the Android platform."

Despite Google's claim to the contrary, it seems clear that an Android-based botnet is well within the realm of possibility and that it may be running right now.

Source: BBC website


19 Comments


Ok, there is trying to mislead people to save face and there is poking a bear with a stick.

Slipping malware 'remotely' on Android is easy, our team does it to play tricks with fellow engineers.

Google is going to PO the right set of people eventually and Android will become a footnote in history of poor OS security designs.

Asrokhel said,
Microsoft at it again, trying to make their competition look bad so they can drum up sales of the Windows phone!

Ya of course, because the horrid security problems on Android are Microsoft's fault.

Sounds to me like this MS employee has an agenda. I'm not (and nor are the rest of us) qualified to state whether or not there is an Android botnet out there, but both theories are equally plausible.

This guy has spotted some Android-related email headers, and instead of doing some more research, he's just ignored all other possibilities and blamed Google, despite having no data that proves that theory over Google's. Then he says he actually considered Google's theory, and just "picked" to smear Android with unsubstantiated claims. He's provided no evidence to back up his accusations, and the way he's claimed it smacks of unprofessional behaviour.

If it were more secure than windows then why would it allow windows to infect it in the first place. Just get rid of the USB adaptor and Android would be more secure.

jesseinsf said,
If it were more secure than windows then why would it allow windows to infect it in the first place. Just get rid of the USB adaptor and Android would be more secure.
What in the world are you talking about? You're saying that by connecting my phone to my computer via USB, somehow something infected my sdcard, elevated its permissions (which isn't allowed on the sdcard) and subsequently infected something else and hijacked an app?

Of course this can only happen via USB. Bluetooth, wifi, FTP and Samba connections to a Windows computer are unaffected, right? Interesting but I still think you're grasping.

Of course they would claim it's not from Androids.
While they know Android is one of the most insecure OS's around. With a security model which barely surpasses Windows 95's security. Tons of malware-infested apps roam the market. And don't go around and say that ain't true, they found loads already... and most were found by 3rd parties, not Google... just imagine how much is out there that isn't known.

Shadowzz said,

While they know Android is one of the most insecure OS's around.

No, that honour is taken by Windows. Android is very secure because most users get their apps from the play store. And during installation, Android informs the users of the permissions the application is requesting, at which point, the user can decline or limit the permissions. None of which is even remotely possible on Windows.

simplezz said,

Android informs the users of the permissions the application is requesting, at which point, the user can decline or limit the permissions. None of which is even remotely possible on Windows.

You mean, at which point your everyday user will just click accept without reading and move on? Right? It's also a bit wrong to say any of that isn't even remotely possible on Windows since there are several app download sites on the internet where you can trust the downloads to be safe far more than you can for Android, not to mention the fact that Windows 8 has its own app marketplace.

Your original point is still probably true though, Windows is likely less secure than Android.

simplezz said,
No, that honour is taken by Windows.

Source? I'm not saying Windows 7/Vista are the most secure operating systems but to look at pure malware numbers is pretty silly which is what most people appear to do.

simplezz said,

No, that honour is taken by Windows.

That's why he said ONE of the most, not THE most. Windows can be the most insecure and his statement is still true.

simplezz said,
[...]And during installation, Android informs the users of the permissions the application is requesting, at which point, the user can decline or limit the permissions.
How do you limit or decline a permission using Android? Is it a new feature from Android >3.x ?

hicario said,
How do you limit or decline a permission using Android? Is it a new feature from Android >3.x ?
You decline by not installing it. As for limiting - well, you need to be rooted and use a firewall and/or another app that acts like a gateway and can revoke or even elevate permissions for all apps. Of course if you're rooted, SU requires you to approve all elevated permissions (su only) at least once. Unless you're an idiot and you have it set to always allow by default.

KCRic said,
You decline by not installing it. As for limiting - well, you need to be rooted and use a firewall and/or another app that acts like a gateway and can revoke or even elevate permissions for all apps. Of course if you're rooted, SU requires you to approve all elevated permissions (su only) at least once. Unless you're an idiot and you have it set to always allow by default.

The weakest link is the user. No matter how secure the OS is, some will install the app without even looking at the permissions of what they install. Those "idiots", a.k.a. some regular users, are increasing the spread of malware.

KCRic said,
You decline by not installing it. As for limiting - well, you need to be rooted and use a firewall and/or another app that acts like a gateway and can revoke or even elevate permissions for all apps. Of course if you're rooted, SU requires you to approve all elevated permissions (su only) at least once. Unless you're an idiot and you have it set to always allow by default.
Ok, thanks for the reply!

Unfortunately, that is a third party tool (firewall) which requests you root your device before.

I will not compare Android security (mobile OS) versus Windows security (mostly desktop OS) where you need to be able to install third party drivers. However, Android really needs to allow its users to set basic rules per application like access to location, background service etc... For now under Android 2.3.3, I just have the option to allow everything or stop everything (use wireless networks/Use GPS satellites or background data on/off).

In comparison, I know iOS allows its users at least to block or give access to GPS per application. And Windows 8 (mobile/metro part) gives the user control over what an application can do (access to location, camera, allow background task...).