Yahoo Mail Exploit Blamed for Widespread Spamming

Dennis Faas's picture

Rumors of a rampant Android-based botnet that is spamming individuals around the world are now proving to be unfounded. Instead, experts have discovered that Yahoo Mail may have been compromised.

Rumors of an Android-based botnet first began circulating last week. Reportedly, the botnet was sending out waves of pharmacy, penny stock, and e-card spam emails.

Terry Zink, a program manager for Microsoft's Forefront security product team, added credibility to the rumors by claiming, "a spammer has control of a botnet that lives on Android devices. These devices login to user's Yahoo Mail account and send spam." (Source: computerworld.com)

Later, security company Sophos also warned users that the spam was indeed coming from compromised Android devices.

Security Experts Hunt for Source of Problem

An international hunt by some of the best minds in mobile security followed. Some analysts pointed to infected devices based in Eastern Europe, Asia and South America as possible sources of the spam.

However, efforts to locate the precise source of the unwanted messages proved fruitless.

Other experts suggested the problem stemmed from computer owners who had downloaded pirated copies of legitimate commercial apps, unleashing malware that spread like wildfire.

But after additional research, Lookout Mobile Security identified several "potential security issues" apparently proving that compromised flaws in Yahoo's Android app were most likely the source of the spam messages, rather than a large-scale botnet. (Source: computerworld.com)

The San Francisco-based security company shifted the focus away from an alleged botnet issue by following several telltale clues.

In almost all of the spam messages, for example, the Message-ID field in the email headers contain "androidMobile." The messages themselves always conclude with "sent from Yahoo! Mail on Android".

In light of these discoveries, Zink and Sophos have backtracked from their previous claims, but continue to argue that an Android botnet was one of the original possibilities.

Yahoo Mail Exploits Still Problematic

Whatever the cause, the issues with Yahoo Mail are problematic. Lookout continues to warn that the vulnerabilities it found "have potentially broader implications for all Android users of Yahoo Mail."

Even with the actual source of spam identified, the waves of incoming pharmaceutical, penny stock, and e-card spam continue to plague Android users. (Source: com.au)

To its credit, Lookout has pledged to continue digging, and will publish more information as it becomes available. Meanwhile, Yahoo has not commented on the matter.

Rate this article: 
No votes yet