Researcher uncovers Android phone 'botnet'

Malware has been spreading on Android mobile phones that takes control of certain email accounts to create a "botnet" - or a compromised device - to send out spam, a security researcher said this week.
Microsoft security engineer Terry Zink said the malware has infected the phones of users of Yahoo email accounts to send out spam messages.
"We've all heard the rumors, but this is the first time I have seen it - a spammer has control of a botnet [program] that lives on Android devices," Zink said in a blog post Tuesday.

 

"These devices login to the user's Yahoo Mail account and send spam."
He said the phones appear to be located in Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela.
"I've written in the past that Android has the most malware compared to other smartphone platforms, but your odds of downloading and installing a malicious Android app is pretty low if you get it from the Android Marketplace," he said.

"But if you get it from some guy in a back alley on the internet, the odds go way up."
He added that users in the developed world "usually have better security practices and fewer malware infections than users in the developing world".
"I am betting that the users of those phones downloaded some malicious Android app in order to avoid paying for a legitimate version and they got more than they bargained for," Zink said.
"Either that or they acquired a rogue Yahoo Mail app."
A report earlier this year by the security firm AV-Test found some Android-powered phones downloaded malicious code after installation and said this was more common in the Google Android system than in the Apple ecosystem which has stricter security policies.
Google has a security system known as Bouncer to scan for malware but some experts recommend additional protection for phones using the platform.

Sourced: http://www.smh.com.au/it-pro/security-it/researcher-uncovers-android-phone-botnet-20120706-21kht.html