Spammers Using Rogue Yahoo Mail App and Android Botnet to Send Spam Emails via Compromised Yahoo! Mail Accounts

A Microsoft engineer, Terry Zink discovered a new Android botnet, that is involved in sending spam email through a compromised Yahoo Mail account. However, these spam mails seem to be coming from Android devices.In a blog entry, Zink writes, "We've all heard the rumors, but this is the first time I have seen it - […]

A Microsoft engineer, Terry Zink discovered a new Android botnet, that is involved in sending spam email through a compromised Yahoo Mail account. However, these spam mails seem to be coming from Android devices.

In a blog entry, Zink writes, "We've all heard the rumors, but this is the first time I have seen it - a spammer has control of a botnet that lives on Android devices."

All the spam email's sent through Android bot contain the following Message-ID:

Message-ID: <1341147286.19774.androidMobile@web140302.mail.bf1.yahoo.com>

Furthermore, they all have the following at the bottom of their spam:

Sent from Yahoo! Mail on Android

"These devices login to the user's Yahoo Mail account and send spam." He adds, "I am betting that the users of those phones downloaded some malicious Android app in order to avoid paying for a legitimate version and they got more than they bargained for. Either that or they acquired a rogue Yahoo Mail app."

Android has the most malware compared to other smartphone platforms. However, as Zink himself notes, chances of downloading and installing a malicious Android app is pretty low if you get it from the Android Marketplace, now called Google Play.

Since, Yahoo stamps the IP address in the headers of where the device connected to its service -- the IPs look up traced the geo to "Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela."

Update: A Google spokesperson just issued an statement saying, "Our analysis suggests that spammers are using infected computers and a fake mobile signature to try to bypass anti-spam mechanisms in the email platform they're using."

Acknowledgeing, Google's claims, Zink in a follow up blog post agrees that "the headers could have been spoofed, but still feels there's every chance that the messages were sent from compromised devices," he said.