We've all grown quite used to the idea of botnets stowing away on PCs out there on the Internet, spamming us from hacked inboxes in unknown places. Now, botnets are going mobile. Microsoft researcher Terry Zink says he's discovered evidence that an illegal botnet has hijacked smartphones running Google's Android operating system and used them to send spam from users' Yahoo email accounts.
Android has suffered from security problems in the past, but those have mostly been confined to Google Play--Google's online app store--where programs disguised as popular apps (or the pirated free versions of popular apps) infiltrate Android machines when they are voluntarily installed. But in a blog post Zink says that this is the first time he's seen a spammer create a major botnet that lives on Android devices.
The IP addresses used to send the spam Zink cites in his report came from Android devices residing in Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela. That could be significant, Zink notes, because data show that users in the developing world tend to practice more lax online security practices than users in the developing world. But it creates problems for all of us.
Writes Zink: "This ups the ante for spam filters. If people download malicious apps onto their phone that capture keystrokes for their email software, it makes it way easier for spammers to send abusive mail. This is the next evolution in the cat-and-mouse game that is email security."
Skynet is alive and well and phoning home.....
I'm sure most of us have seen this coming for a while. Smartphones are the new frontier for malicious software.
Yahoo will continuously be a target medium for these issues until they fix their severe login and core network vulnerabilities. They no doubt have the absolute worst network security of any of the mainstream email providers (unless you count mail.ru, but they aren't really mainstream).
It couldn't hurt to beef up the background process security in android as well.
I like making phone calls, having a phone address book and enjoy an occasional sent and recieved text message. I do not need anything else in a cell phone, except to work reliably. On occasion, I drop my cell phone or in my home I loose it. I would fall to tears, if I broke or lost one of these modern smart phones, considering the cost.
Okay, I know that bashing Android is the latest cool trend in the media, but get your facts straight. There is no Android botnet, only a security vulnerability in Yahoo's application. I demand that you either remove or modify this article to reflect that.
I would post the URL, but the comment system won't let me. Just do a Google search for "Android botnet."
And, yes, I made an account just to say this.
"... users in the developing world tend to practice more lax online security practices than users in the developing world ..."
This makes no sense.