

14 comment(s) - last by stirfry213 on Jul 9 at 5:30 PM

Google says it's just as likely the spam was spoofed and came from Windows PCs

Microsoft Corp. (MSFT) spam researcher Terry Zink played provocateur when he published a blog post indicating he had discovered a thriving Android botnet, which appeared to be driven by app piracy in the developing world.  The evidence he presented was a series of spam emails with distinctive signatures, both in the email header information and in the text signature in the body, indicating they had originated on an Android device.

Google Inc. (GOOG) has responded by pointing the finger back at Microsoft, suggesting that the headers and signature were likely spoofed to look as if they came from Android.  Google comments, "The evidence does not support the Android botnet claim.  Our analysis suggests that spammers are using infected computers and a fake mobile signature to bypass anti-spam mechanisms in the email platform they're using."

Android has relatively robust anti-spam guards, so even if a device were infected with malware, Google says it would be difficult to exploit it for sending spam.

Spoofing
Spoofing is a time-honored technique that attackers use to forge source IP addresses, email headers, and caller-ID phone numbers. [Image Source: PC1 News]

As the text signature implicated Yahoo! Mail, the post also raised awkward questions for that company.  Yahoo! Inc. (YHOO) says it is investigating the report to see whether its email client is being abused.  As with the Android aspect, it is again possible that the header and body were merely spoofed to look as if they came from the Yahoo! Mail client on Android, which is typically a relatively trustworthy source.

Header spoofing is a common technique among computer criminals.  An email's header fields and body text are plain text supplied by the sender, and SMTP itself does nothing to verify them, so a malicious user can rewrite a message's From:, X-Mailer and similar headers to serve a dual purpose: disguising the true origin and building trust by making the mail look as if it originated from a legitimate source.  What the sender cannot rewrite is the Received: line that the recipient's own mail server prepends on arrival, which records the IP address the connection actually came from (earlier Received: lines can themselves be forged, so only the hops stamped by servers you trust count).  That trace, together with sender-authentication mechanisms such as SPF records and DKIM signatures, is what an investigator has to check before taking a "Sent from Yahoo! Mail on Android" signature at face value.
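An added example (not code from the original article, Microsoft, Google or Yahoo) of the check described above: parse the Received: chain of a message that claims to come from Yahoo! Mail on Android and compare the hop recorded by the recipient's own server with what the headers and body signature assert. Both raw messages, every hostname and IP address, and the list of networks treated as Yahoo's outbound relays are constructed for the example; a real check would take the relay list from the sender domain's published SPF record and would verify the DKIM signature rather than merely note its presence.

```python
"""Check a 'sent from Android' spam sample against its Received: chain.

Added example, not code from the original article, Microsoft, Google or Yahoo.
Both raw messages, every hostname and IP address, and the Yahoo relay list
below are constructed for illustration, not data from the 2012 reports.
"""
import re
from email import policy
from email.parser import BytesParser
from ipaddress import ip_address, ip_network

# Constructed sample 1: X-Mailer and body signature claim Yahoo! Mail on Android,
# but the hop recorded by the recipient's own MX (mx1.example.net) shows the
# connection came from an arbitrary DSL address.  Received: lines are prepended,
# so the bottom one is the hop closest to the sender.
SPOOFED = b"""\
Received: from mx1.example.net (mx1.example.net [198.51.100.10])
\tby inbox.example.org with ESMTP id 1234; Tue, 3 Jul 2012 10:15:02 +0000
Received: from [203.0.113.77] (203-0-113-77.dsl.example.net [203.0.113.77])
\tby mx1.example.net with SMTP id 5678; Tue, 3 Jul 2012 10:15:01 +0000
From: "Jane Doe" <jane.doe@yahoo.com>
To: victim@example.org
Subject: cheap meds
X-Mailer: YahooMobileMail/Android
Content-Type: text/plain; charset=us-ascii

Buy now at the link.

Sent from Yahoo! Mail on Android
"""

# Constructed sample 2: same claim, but the connection arrives from an address
# inside the assumed Yahoo relay range and the message carries a DKIM-Signature
# header (the signature values are placeholders, not a real signature).
GENUINE = b"""\
Received: from mx1.example.net (mx1.example.net [198.51.100.10])
\tby inbox.example.org with ESMTP id 2345; Tue, 3 Jul 2012 11:00:02 +0000
Received: from nm5.mail.yahoo.example (nm5.mail.yahoo.example [192.0.2.15])
\tby mx1.example.net with ESMTP id 6789; Tue, 3 Jul 2012 11:00:01 +0000
DKIM-Signature: v=1; a=rsa-sha256; d=yahoo.com; s=s1024; h=From:To:Subject; bh=PLACEHOLDER; b=PLACEHOLDER
From: "Jane Doe" <jane.doe@yahoo.com>
To: victim@example.org
Subject: photos from the trip
X-Mailer: YahooMobileMail/Android
Content-Type: text/plain; charset=us-ascii

Here they are.

Sent from Yahoo! Mail on Android
"""

# Assumption for the example: the networks Yahoo's outbound relays use.  A real
# check would take these from the sender domain's published SPF record.
ASSUMED_YAHOO_RELAYS = [ip_network("192.0.2.0/24")]

SIGNATURE = "Sent from Yahoo! Mail on Android"
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_chain(raw: bytes) -> list:
    """IP recorded in each Received: header, earliest hop first.

    Only hops stamped by servers you operate are trustworthy; a sender can
    place forged Received: lines of its own below them.  In these samples
    both hops were stamped by the recipient's infrastructure.
    """
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    hops = []
    for value in msg.get_all("Received", []):
        match = BRACKETED_IP.search(str(value))
        hops.append(match.group(1) if match else None)
    return list(reversed(hops))


def claims_android_yahoo(msg) -> bool:
    """True when the mailer header or body signature asserts Yahoo! Mail on Android."""
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    return SIGNATURE in body or "Android" in msg.get("X-Mailer", "")


def spoof_indicators(raw: bytes) -> list:
    """Return the ways the message's claimed origin disagrees with what was observed."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    hops = received_chain(raw)
    origin = hops[0] if hops else None
    if claims_android_yahoo(msg):
        if origin is None:
            findings.append("claims Yahoo!/Android but no Received: hop records a source IP")
        elif not any(ip_address(origin) in net for net in ASSUMED_YAHOO_RELAYS):
            findings.append(f"claims Yahoo!/Android but earliest hop {origin} is not a Yahoo relay")
    from_hdr = msg["From"]
    from_domain = from_hdr.addresses[0].domain.lower() if from_hdr and from_hdr.addresses else ""
    if from_domain == "yahoo.com" and msg.get("DKIM-Signature") is None:
        findings.append("From: yahoo.com but the message carries no DKIM-Signature")
    return findings


if __name__ == "__main__":
    for name, sample in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, received_chain(sample), spoof_indicators(sample))
```

The point of the two samples is that everything the spammer typed is identical in both: the From: address, the X-Mailer header and the "Sent from" signature. Only the hop stamped by the recipient's server and the presence of a signature the sending domain controls separate them, which is why a signature alone cannot attribute spam to a platform.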

Terry Zink, the researcher who published the original report, has since backtracked in the comments section of his post, acknowledging that spoofing is a possibility but saying that an Android botnet merely seemed the more likely explanation for the spam onslaught.  He did not, however, provide any additional evidence for how he reached that conclusion.

Source: The Register



Comments



I wonder...
By Florinator on 7/6/2012 2:35:21 PM , Rating: 2
...why would the spammers do that? Does it make a difference where the spam is coming from? What would be the benefit of this effort?




RE: I wonder...
By V-Money on 7/6/2012 3:04:39 PM , Rating: 3
I would assume it has to do with spamming as long as possible. If people think it is coming from Android and it is in fact coming from infected PCs, then people would be trying to fix something in the wrong area and ignoring the real problem.


RE: I wonder...
By WalksTheWalk on 7/6/2012 4:39:56 PM , Rating: 2
Yes, spoofing headers and such is either about tricking systems into sending your email or misdirection to throw researchers off your trail.

Email is an on-your-honor system that people learned early on could be abused incredibly easily. The whole concept of "trust everyone" was obviously flawed and it's taking a very long time to implement authenticated, trusted SMTP between disparate systems. We're still not even there yet despite efforts such as SPF, SMTP-VERIFY, etc.


RE: I wonder...
By EricMartello on 7/6/2012 3:19:59 PM , Rating: 2
It hardly takes any effort to send an email using "fake" headers. SMTP, the email protocol still used today, is entirely text-based. Open up a telnet connection, connect to the mail server of the domain you want to send mail to and then type the appropriate SMTP commands to craft your message. You can say whatever you want. A spammer would simply automate this process using a basic script.

The reason for doing this is just as simple...if the email appears to be from a certain network, it will bypass certain spam filters and reach the inbox of the intended recipient.

If a smartphone is rooted I don't think there is anything Google could do to stop it from being used as a spam relay; the anti-spam measures on the phone are there to stop actual users from sending bulk email using the apps on the phone itself. If you root the phone you are essentially bypassing that and making it into a mobile SMTP server running the code included in the malware.
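The exchange that comment describes, as an added example that is not part of the original page or the comment: a client script drives a small in-process stand-in for a receiving mail server, so it runs offline without a network connection. The server, the hostnames, the addresses and the connecting IP are all constructed; a real MTA answers with the same codes, because SMTP checks the syntax of each command and whether the recipient is local, never whether the From: header or the "Sent from" signature is true. Note that the envelope sender (MAIL FROM) and the header From: are set independently, and that the only line the server adds is the Received: stamp carrying the peer's real IP.

```python
"""Transcript of the SMTP exchange a spammer's script would drive.

Added example, not code from the original article or this comment.  The server
side is a tiny in-process stand-in for a receiving mail server (MTA), written
so the exchange runs offline; hostnames, addresses and IPs are constructed.
"""
from datetime import datetime, timezone
from typing import Optional


class FakeMTA:
    """Minimal receiving SMTP server: parses commands, stores the message."""

    def __init__(self, hostname: str, peer_ip: str, local_domains=("example.org",)):
        self.hostname = hostname
        self.peer_ip = peer_ip          # where the TCP connection really came from
        self.local_domains = local_domains
        self.envelope_from = None
        self.rcpts = []
        self.in_data = False
        self.data_lines = []
        self.delivered = []             # (envelope_from, rcpts, raw message text)

    def handle(self, line: str) -> Optional[str]:
        """Process one client line; return the reply, or None while inside DATA."""
        if self.in_data:
            if line == ".":
                self.in_data = False
                stamp = datetime(2012, 7, 3, 10, 15, 1, tzinfo=timezone.utc)  # fixed for repeatability
                received = (f"Received: from [{self.peer_ip}] by {self.hostname} with SMTP; "
                            f"{stamp.strftime('%a, %d %b %Y %H:%M:%S %z')}")
                raw = "\n".join([received, *self.data_lines]) + "\n"
                self.delivered.append((self.envelope_from, list(self.rcpts), raw))
                self.data_lines.clear()
                return "250 OK queued"
            # RFC 5321 dot-stuffing: a leading '..' in DATA stands for a literal '.'
            self.data_lines.append(line[1:] if line.startswith("..") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            return f"250 {self.hostname} Hello {arg or '[unknown]'} [{self.peer_ip}]"
        if verb == "MAIL" and arg.upper().startswith("FROM:"):
            self.envelope_from = arg[5:].strip().strip("<>")
            return "250 OK"             # any syntactically valid address is accepted
        if verb == "RCPT" and arg.upper().startswith("TO:"):
            rcpt = arg[3:].strip().strip("<>")
            if rcpt.rpartition("@")[2].lower() not in self.local_domains:
                return "554 Relay access denied"   # not an open relay
            self.rcpts.append(rcpt)
            return "250 OK"
        if verb == "DATA":
            if not self.rcpts:
                return "503 Bad sequence of commands"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 Bye"
        return "500 Unrecognized command"


# What the spammer types, or scripts.  The envelope sender and the header From:
# are independent; the mailer header and body signature are just more text.
SPAM_SCRIPT = [
    "EHLO pc-1234.dsl.example.net",
    "MAIL FROM:<bounce@throwaway.example>",
    "RCPT TO:<victim@example.org>",
    "DATA",
    'From: "Jane Doe" <jane.doe@yahoo.com>',
    "To: victim@example.org",
    "Subject: cheap meds",
    "X-Mailer: YahooMobileMail/Android",
    "",
    "Buy now at the link.",
    "",
    "Sent from Yahoo! Mail on Android",
    ".",
    "QUIT",
]


def run_session(script, peer_ip="203.0.113.77"):
    """Drive the fake MTA with a list of client lines; return (transcript, mta)."""
    mta = FakeMTA("mx1.example.net", peer_ip)
    transcript = [("", f"220 {mta.hostname} ESMTP ready")]
    for line in script:
        reply = mta.handle(line)
        if reply is not None:
            transcript.append((line, reply))
    return transcript, mta


if __name__ == "__main__":
    transcript, mta = run_session(SPAM_SCRIPT)
    for sent, reply in transcript:
        if sent:
            print("C:", sent)
        print("S:", reply)
    print(mta.delivered[0][2])
```

Running it prints the client/server dialogue and then the stored message, whose first line is the Received: stamp with 203.0.113.77, the only part of the message the sender did not choose.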


RE: I wonder...
By nafhan on 7/6/2012 3:37:17 PM , Rating: 3
According to this article and others they likely did it to get past spam filters. The spammers are probably the only ones in a position to say if the benefit was worth the effort.


RE: I wonder...
By wifiwolf on 7/6/2012 6:38:31 PM , Rating: 2
WTH? How do you think spam works?
You ever looked at the headers?
The addresses most of the times don't exist and they don't care if you can't answer back because they're not expecting you to answer - it's one way.
Now ask yourself how can you send an e-mail from an account that doesn't exist.


RE: I wonder...
By stirfry213 on 7/9/2012 5:30:37 PM , Rating: 2
After I had my old phone for a while, which was an HTC Inspire 4G, I installed the Yahoo app on it so I could easily check it. Later that day, the Yahoo app grabbed all the emails associated with my contacts and sent them spam emails. As soon as I found out, I did a reset on the whole phone. It has never happened again. Consequently, I have never installed this app again.

I'm just surprised it took this long to get out.


google response
By kleinma on 7/6/2012 12:29:16 PM , Rating: 5
Google: "Um no, that bot net is not coming from android, we track everything and anything that happens on android handsets, so we would know if there was a botnet. Thanks."




RE: google response
By Alexvrb on 7/6/2012 9:41:03 PM , Rating: 5
Alternatively: "That's ridiculous! Our botnet hasn't detected any third-party botnets."


RE: google response
By mcnabney on 7/6/12, Rating: -1


freelance
By PittmanKen18 on 7/6/12, Rating: 0


RE: freelance
By KamikaZee on 7/7/2012 8:15:16 AM , Rating: 4
Oh the irony


Not so fast Google.
By BSquared on 7/7/2012 9:57:58 AM , Rating: 3
I've had spam emails from friends who only have Android phones that synced a very specific email that I use for personal correspondence. The originating address is theirs and includes my actual name in the body of the message, along with peddling of pharmaceuticals, penis enlargement procedures, and a plethora of other wares. Malware on the Android platform is very capable of sending out email culled from the contacts list. So Google saying that a botnet doesn't exist is like saying Mac OS can't get malware. I'm pretty sure that the copious amounts of rooted Android phones also have some type of malware service installed. Though I'm not sure of the amount of infected phones, it's surely enough that I've had 5 of my friends have their phones spam mail me.




Spoofing headers
By immortalsly on 7/6/2012 12:58:39 PM , Rating: 2
I'm sure Yahoo will eventually come up with some "explanation" on how their mailers are being used for spam.

This reminds me of a story from my younger days. In 1992, as a freshman in college, I learned how to spoof and sent a spoofed email to a buddy at another college. The message appeared to come from the IT department saying they were aware of his questionable usage of university computing resources, that they had sent reports to his parents, and that he could be expelled if he continued. I used fake names, non-existent department names, etc. I thought it was pretty obvious the message was fake. Well, he didn't. He panicked and went to the real IT department. They traced the message to my college and eventually to me...not that I was really trying to hide anything, it was a joke. I was pulled into a meeting and got a lengthy lecture by the CS head. Ah, good times.




Copyright 2014 DailyTech LLC.