Google lashes out at Microsoft's Android botnet allegations

Google has lashed out at Microsoft researcher Terry Zink, claiming there is no evidence to support his warning that a new botnet is forcing infected Android phones to churn out spam.

The search giant said that its own internal research indicated the spam messages were stemming from PCs as opposed to smartphones in a statement sent to V3 on Friday.

"Our analysis suggests that spammers are using infected computers and a fake mobile signature to try to bypass anti-spam mechanisms in the email platform they're using," said Google.

The Android botnet reports initially stemmed from Microsoft researcher Terry Zink on 3 July, when he claimed to have discovered evidence that a botnet had successfully infiltrated the Android ecosystem.

In his post Zink warned that a new form of the malware was accessing Yahoo Mail accounts on Android devices to send spam messages.

He also reported tracking the originating IP addresses to Asia, Eastern Europe, South America and the Middle East.

If true the botnet would be the first ever discovered successfully targeting the Android ecosystem.

Since Google's attack Zink has issued a second blog post admitting the spam headers could have been spoofed to make it look like they came from Android devices instead of a PC.

"Yes, it's entirely possible that bot on a compromised PC connected to Yahoo Mail, inserted the message-ID thus overriding Yahoo's own Message-IDs and added the 'Yahoo Mail for Android' tagline at the bottom of the message all in an elaborate deception to make it look like the spam was coming from Android devices," wrote Zink.

"The other possibility is that Android malware has become much more prevalent and because of its ubiquity, there is sufficient motivation for spammers to abuse the platform. The reason these messages appear to come from Android devices is because they did come from Android devices."

Other security vendors have also reported finding evidence that the spam stemmed from Android.

Initially Sophos issued its own report verifying that it too had discovered evidence of a botnet running on infected Android smartphones.

Lookout chief technology officer Kevin Mahaffey suggested that rather than malware on the Android devices, a more likely explanation was the behaviour was attributable to Yahoo's Android email app.

"We’ve reached out to Yahoo with this information and they have acknowledged that their mobile team is actively working on these issues," Lookout said in a company blog.

The news follows on from warnings by security firm Trend Micro that cyber criminals are flocking to the Android ecosystem.