If you read this website, chances are you are familiar with the concept of a botnet. It's a series of PCs that are all infected with malware and are use by the software's creators to mostly spam emails to others. Microsoft has made a big effort to stamp out PC botnets. In fact, it announced just this week that it named two defendants in its takedown of the Zeus botnet.
Now a Microsoft engineer named Terry Zink has announced he may have discovered a new botnet, but it's not installed on any PCs. In a post on his MSDN blog, Zink writes that he has been seeing samples of spam emails generated from Yahoo Mail accounts. However, these spam mails seem to be coming from Android devices.
Zink writes, "We’ve all heard the rumors, but this is the first time I have seen it – a spammer has control of a botnet that lives on Android devices. These devices login to the user’s Yahoo Mail account and send spam." He adds, "I am betting that the users of those phones downloaded some malicious Android app in order to avoid paying for a legitimate version and they got more than they bargained for. Either that or they acquired a rogue Yahoo Mail app."
Android devices tend to have more malware infections than any other smartphone OS. However, as Zink himself notes, users who download their apps from the Google Play store usually don't have anything to worry about.
Source: Terry Zink's Cyber Security blog