we have been accustomed to the uncomfortable fact that botnets lurk in the more unseemly corners of the intertubes. These networks of interconnected computers are used to carry out DDoS attacks and spend spam without the owner’s knowledge. What may come as a surprise, is that security researchers have now pointed the finger at Android smartphones as a new component of botnets. Is it finally time to look suspiciously at that phone in your hand?
This report comes by way of Microsoft researcher Terry Zink, who
posits that Android phones are being used to send spam from Yahoo! mail
servers. There is no way currently to know who is controlling this supposed botnet, but the IP addresses indicate the devices are being used in various countries around the world including Chile, Indonesia, Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela.
Microsoft’s Windows Phone platform is being pushed as an alternative to Android, but there is no reason to assume that Zink is being disingenuous. Sophos Security has reviewed the findings and agrees that it does look like a new botnet is living on Android phones. Although, Sophos is careful to point out that until a causative agent can be identified, there is no way of knowing for sure.
When you think about it, smartphones are a perfect vector for botnets. They are on virtually all the time, have a constant internet connection, and people have not yet become wary of installing potentially malicious apps on their phones. Google has had some malware scares in the past in the official Play Store, but the location of this outbreak makes infiltration of that repository unlikely. Google’s response to the report was to tout its Bouncer anti-malware system, which has had success in seeding out scams and malware.
No comments:
Post a Comment