Microsoft Engineer Discovers Android Spam Botnet, Google Denies Claim 152
An anonymous reader writes "Microsoft engineer Terry Zink has discovered Android devices are being used to send spam. He has identified an international Android botnet and outlined the details on his MSDN blog. A closer look at the e-mails' header information shows all the messages come from compromised Yahoo accounts. Furthermore, they are also stamped with the 'Sent from Yahoo! Mail on Android' signature. Google has denied the allegations. 'The evidence does not support the Android botnet claim,' a Google spokesperson said in a statement. 'Our analysis suggests that spammers are using infected computers and a fake mobile signature to try to bypass anti-spam mechanisms in the email platform they're using.'"
Just link to the ACTUAL blog entry (Score:5, Insightful)
Would it kill you to link to MSDN - where the blog entry actually resides? I get the anti-MS sentiment (although jeez, quit living in the 90s), but making readers jump to ZDNet first (or sending them back to /.) is just being passive aggressive.
Re:Just link to the ACTUAL blog entry (Score:5, Informative)
Here's [msdn.com] the original blog entry.
Re:Just link to the ACTUAL blog entry (Score:4, Interesting)
Fascinating conclusion he's come to. It looks like MS engineers don't understand Joe jobs.
Your Moneyz... (Score:1)
...givez them to meh...
-- sent from my orbiting HQ, beeeyatches!
In other news...spammers lie. More egg on MS face. No wonder Windows gets so many viruses etc.
Re:Just link to the ACTUAL blog entry (Score:4, Insightful)
Fascinating conclusion he's come to. It looks like MS engineers don't understand Joe jobs.
Under normal circumstances, MS does not hire idiots (with exception of Ballmer, of course)
So ... this looks more like that MS engineer trying to make a name for himself
Re: (Score:2)
So ... this looks more like that MS engineer trying to make a name for himself
Maybe.
But I wouldn't put it past Microsoft to experiment with the Backfire Effect [wikipedia.org] in their marketing. It's been in the news a bit lately, so it'd be topical for them.
http://www.abc.net.au/unleashed/4111544.html [abc.net.au]
Re: (Score:2)
But I wouldn't put it past Microsoft to experiment with the Backfire Effect [wikipedia.org] in their marketing. It's been in the news a bit lately, so it'd be topical for them.
Hmm ... you got a point there !!
After all, the Backfire Effect is part and parcel of Microsoft FUD campaign
Re: (Score:1)
That's true. Dislike Microsoft if you like, but they only hire really good people, like Google does.
Eh, that's not entirely true. I once solved a bug in 10 minutes that our resident "masters" engineer and two $1000/day Microsoft rentals couldn't in two days.
Of course, I prefer to think of it as I am to them what they are to most of you.
Comment removed (Score:5, Interesting)
Re: (Score:2)
These are also the guys who were doing daily downloads of something like 50 mb of data (redownloading all of your e-mails) on their first iteration of the windows phone app. So it's entirely possible whatever the problem is, is actually a yahoo problem and not particularly an android problem.
Re: (Score:3)
How do you know the spam comes from android devices?
Re: (Score:2)
Re: (Score:2, Informative)
did you not read any of the other comments or...?
You know you can put whatever footer on an email you want, right?
Sent from my iPhone 6 on the NASA Network
Re: (Score:2)
Re: (Score:2)
man, a microsoft guy who is convinced that it is actual android spam as opposed to that people could say "sent from yahoo! mail on android"?
say it ain't so!
It's almost like jumping to conclusions or something.
Re:Just link to the ACTUAL blog entry (Score:4, Insightful)
I get the anti-MS sentiment (although jeez, quit living in the 90s)
Microsoft remains as evil as it ever was, two decades later. Anti-MS sentiment is not only richly deserved, but prudent.
Re:Just link to the ACTUAL blog entry (Score:5, Insightful)
Microsoft is evil in the same way that suicide is a sin. We're talking about a company that's only relevant on one doomed platform, choking to death on too many brands and too many failed attempts to enter other markets. Unix is everywhere. Unix beat Microsoft a long time ago.
Stop poisoning the discourse by giving Microsoft such a disproportionate share of the hate. Adobe's just as bad, and Oracle's a lot worse. Why don't you rail against them? Why don't we talk about how, once Windows is gone, our only practical choice will be between a walled garden or an operating system that's philosophically dominated by the toxic, vapid musings of a man who literally believes that it is better to let your children starve to death than ply your trade as a software developer?
Re: (Score:1)
or an operating system that's philosophically dominated by the toxic, vapid musings of a man who literally believes that it is better to let your children starve to death than ply your trade as a software developer?
Someone explain to me how the hell an overexagerated, inaccurate ad hominem attack of almost no relevancy gets marked "Insightful?"
Re: (Score:2)
His first sentence plays to the crowd well. Before he goes off the deep end completely.
Re: (Score:1)
And yet we all obviously know exactly who I'm talking about even though I didn't say a name. Doesn't that tell you something about the state of FOSS?
Re: (Score:2)
seem to be missing the elephant in the room with your examples of evil companies...
Re: (Score:1)
I think this comment summarizes the reason I never visit slashdot anymore.
That and you have to wait for a new page to load when making a comment. Annoying.
Re: (Score:2)
This is the internet. We already complain about everything.
Re: (Score:3)
Stop poisoning the discourse by giving Microsoft such a disproportionate share of the hate. Adobe's just as bad, and Oracle's a lot worse. Why don't you rail against them?
Because the discussion is about Microsoft. Don't worry, the next Adobe or Oracle article posted will get their share of venom.
Why don't we talk about how, once Windows is gone, our only practical choice will be between a walled garden or an operating system that's philosophically dominated by the toxic, vapid musings of a man who literally
A Microsoft engineer? (Score:1)
and he doesn't realise that any program on any computer on the internet could pretend to be on android? I don't know much about mail but I would guess the"'Sent from Yahoo! Mail on Android' signature" would have been set by the client
Re:A Microsoft engineer? (Score:4, Insightful)
and he doesn't realise that any program on any computer on the internet could pretend to be on android? I don't know much about mail but I would guess the"'Sent from Yahoo! Mail on Android' signature" would have been set by the client
Engineer perhaps doesn't mean so much at Microsoft.
Posted from my AndBot
Re: (Score:1, Insightful)
And you are a blathering idiot if you actually believe MS engineers are not some of the best software engineers in the world. You can go after MS for a whole host of shit but their engineers in their development and R&D entities are hardly stupid. The competition to recruit these people is intense and constant. Google in particular are constantly on the prow to snag engineers of this caliber. The vast majority of MS security and other issues can be placed at the feet of incompetent application developer
Re: (Score:1)
And who is it that created the dev system used by these "incompetent" "programmers"? 90% of .NET code that actually executes on computers belongs to MS and "programmers" just sort of fill in the blanks. Not to mention that MS still allows an App to reinstall major OS libraries as part of their runtime installation (e.g. replacing the critical MSVCRT*.DLL libraries sometimes with one two years older than was installed because the developer is using the old version of the DevSoftware because they can't aff
Re: (Score:2)
Most programmers I know always ask themselves.. "how can I abuse or misuse this?" in order to try to guard against it. Who would you blame for the MS dumb-as-fuck decision to allow embedded code in JPEG to allow unattended execution of binaries with the same privilege level of the user only intending to view a picture?? Who would you blame for the decision to allow remote execution of binaries feature stuck into notepad?? Its a friggen text viewer, it should NOT be executing code without user consent. This
Re: (Score:2)
And you are a blathering idiot if you actually believe MS engineers are not some of the best software engineers in the world.
And you're not paying attention if you do. BSODs? Linux never had one. Random crashes? I don't know of Apple suffering from this, but Explorer crashes at least once a week on my Win 7 notebook.
Sorry, fool, try out another OS and you'll see just how damned bad MS "engineers" are.
Re: (Score:2)
MS is full of talented engineers, surrounded by business plans that don't always make technical sense necessarily, and a huge big organization that suffers from all the same problems as every other huge big organization. Just because you're competent, and all of the other people in your group are competent doesn't mean you make a good team, and doesn't mean you did something that will actually make money, nor does it mean anyone responsible for the strategic direction of your company will want to listen to
Re: (Score:1)
I believe that Microsoft engineers are great emailers, facetimers and backstabbers.
Oh, please excuse me. I believe that Microsoft engineers are super great emailers, facetimers, backstabbers and astromodders.
Correction: Microsoft engineers are super great emailers, facetimers, backstabbers and astromodders, and resent being told that.
Re: (Score:2)
I believe that Microsoft engineers are great emailers, facetimers and backstabbers.
Oh, please excuse me. I believe that Microsoft engineers are super great emailers, facetimers, backstabbers and astromodders.
Correction: Microsoft engineers are super great emailers, facetimers, backstabbers and astromodders, and resent being told that.
Correction: Microsoft engineers are weenies.
Re: (Score:1)
One wonders how he even really knows they were sent from Yahoo accounts. Maybe that was spoofed too?
Sent from my Eniac I
Re:A Microsoft engineer? (Score:5, Informative)
Re:A Microsoft engineer? (Score:5, Funny)
Sent from my Cray Supercomputer. BillGates@Microsoft.com
Doesn't realise? Or... (Score:5, Insightful)
Well, either "doesn't realise" or "has a vested interest leading him to first fail to mention and, after that, downplay the possibility". Which is more likely is left as an exercise to the reader.
Re: (Score:1, Interesting)
That was largely my thought, Android devices lack the processing power and access to bandwidth that your average laptop or desktop has. While I'm sure it's technically possible to have an Android spam botnet, it really begs the question as to why anybody would bother to develop such a thing. Considering how unreliable the connects are and how little you can transmit combined with the increased difficulty of getting the code to run, it doesn't seem like something that would be profitable enough to justify ma
Non-story? (Score:1)
Is there any reason that Google's explanation isn't legit? Seems like a perfectly good explanation to me. Anti-spam techniques have become pretty abstract these days. I could easily see a hidden rule that prioritizes traffic sent with a properly formatted signature matching their flagship mobile OS (until said rule gets discovered).
Spam lying!?! (Score:5, Funny)
What ? Spam lying?!?
I am shocked. SHOCKED, I tell you!.
Tens of thousands of apps, wow! (Score:2, Funny)
The sad part (Score:4, Informative)
The really sad part is how far Microsoft has fallen. They can't even do FUD well anymore.
Re: (Score:2)
Microsoft has never really been very good at FUD either. The only thing they really excel at is protecting their monopoly by illegal means while paying only modest fines for the privilege.
Re: (Score:2)
yeah, how's that monopoly going?
i look around my office... at a glance, maybe 30% mac?
Re: (Score:2)
Microsoft still exercises monpoly control over PC OEMs. A rather big segment of the technology market, still growing in fact. But the margins are shrinking.
Re: (Score:2)
You're in music and design? In the 3 story building I work in there's a mainframe (unsure as to who built it, they had an IBM a decade ago), a whole lot of Windows computers, and no Macs at all. When you have to deploy thousands of PCs, you just don't go out and buy the most expensive ones on the market on a whim.
Your office is not the average office.
Why not? (Score:5, Interesting)
This seems like a much easier way to send spam... Most users will be using the stock mail app so just install, ask for the world in privileges (most users just click yes to anything), then send spam in the background using the user's account.
If you are smart, you avoid sending any spam to that user's contacts and intercept any replies that contain the spam text as a quoted string. That would make it far less likely for the victim to notice anytime soon.
Even if the spam isn't coming from Android phones right now, I'm sure someone will do it eventually.
Re:Why not? (Score:5, Informative)
(most users just click yes to anything)
On Android, you have to. Your only options are accept everything or you don't get the app.
Re:Why not? (Score:4, Informative)
I've posted this before, but here we go again. There are quite a few options for fine-grained permission control on Android. My top 3:
1) Cyanogenmod includes permission management. You'll have to flash it on your device, but it's not hard. http://www.cyanogenmod.com/
2) PDroid - requires a patched kernel http://www.xda-developers.com/android/pdroid-the-better-privacy-protection/
3) LBE Privacy guard - requires root https://play.google.com/store/apps/details?id=com.lbe.security.lite
Re:Why not? (Score:5, Informative)
To be clear, Cyanogenmod 7 contains permission management. This feature was dropped in Cyanogenmod 9.
Re: (Score:3, Insightful)
Now try again, without requiring flashing a custom OS version or root. The average user is not going to do any of that.
Re: (Score:2)
Sad but true.
Cyanogenmod has it's awesomeness, but when you have to get nightly builds to be able to run ICS without a slew of bugs there's a whole lot wrong with the user experience. And that by the way is not a criticism of the cyanogen guys, without them my phone would still be on 2.3.3 probably, or bug riddled official version of ICS but the main feature of android (not a walled garden!) is far too difficult to benefit from.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
Sounds a lot like applications Microsoft creates...
Re: (Score:3)
On iPhone your only option is ...well you don't get to see the rights the app needs and so you don't know and aren't asked, you just have to trust Apple ...
Backwards from reality (Score:2)
On iPhone your only option is ...well you don't get to see the rights the app needs
You actually have this totally reversed.
On an iPhone app, you are asked for rights to access protected resources ONLY at the time the app tries to use them, not in some laundry list before you ever run the app and know what it needs.
Currently the address book is not a protected resource but it is in iOS6, and then it will feature the same sensible security measure of asking for permission at time of first access as opposed t
Avoiding lawsuits (Score:4, Insightful)
Anyway, a botnet uses a standard mail client to send its payload? Even thinking that is a bad signal about them.
Engineer is backtracking (Score:5, Informative)
There is a follow-up blog post [msdn.com] where Zink backtracks a bit and admits the headers could be forged.
"In comments of various blogs a lot of people have suggested that these headers are spoofed, or there was a botnet connecting to Yahoo Mail from a Windows PC and sent mail that way. Yes, it’s entirely possible that bot on a compromised PC connected to Yahoo Mail, inserted the the message-ID thus overriding Yahoo’s own Message-IDs and added the “Yahoo Mail for Android” tagline at the bottom of the message all in an elaborate deception to make it look like the spam was coming from Android devices."
Re:Engineer is backtracking (Score:5, Funny)
"Elaborate deception" -- If that's his idea of elaborate, I wish he worked in marketing and not software!
Original story (Score:3)
http://blogs.msdn.com/b/tzink/archive/2012/07/03/spam-from-an-android-botnet.aspx [msdn.com]
Go Microsoft (Score:1)
Re: (Score:2, Insightful)
Re:Go Microsoft (Score:5, Insightful)
And if anyone knows how to take what should be a simple, straightforward, technical discussion and turn it into a MS vs Google flame war, it will be Slashdot commenters.
Re: (Score:1)
And if anyone has mastered to art of baiting the said flamers it will be slashdot flame master baiters.
It Shouldn't Be Too Hard To Verify (Score:5, Insightful)
Or to disprove the claim if we can look at the mail headers. Especially if we have multiple samples.
The claim, on its face, is plausible. However if you're a spammer, you want to send out as many emails as quickly as you can. Sending emails via a wireless device (either WiFi or cellular) seems like wasted effort when there are so many cable/dsl/fiber connected PCs (running whatever OS, but usually Windows) out there that can send many more spam emails in the same amount of time -- Usually without alerting non-technical users who don't review their router/firewall logs often, if ever.
All that said, I suppose it's possible. It just seems a little strange that this should come out of Microsoft -- especially since there are many very technical people out there who are rolling their own Android -- you'd think they'd have found it first.
Re: (Score:2)
Maybe some very technical people don't trust spam email headers to be true, let alone TEXT IN THE SPAM BODY.
Huh? Yeah. You mean guys like me. That was my point. By looking at the email headers you can (usually) get a pretty good idea about the source of the email.
Just to make sure your reading comprehension is at least third grade, I'll repeat myself:
It Shouldn't Be Too Hard To Verify Or to disprove the claim if we can look at the mail headers
Was there something in there you didn't understand? I hope you're an ESL person.
Now lemme get this straight... (Score:2)
That carries as much weight for me as Steve BLAMMER stating that he's going to &^%&$!! bury Google.
Noise with no real content. Next.
Is the Message-ID incrementing? (Score:4, Interesting)
And if so does it match the generation scheme used by Android.
If it's a repeating "Message-ID: " as the blog suggests then it's likely forged.
Redmond Help Wanted (Score:3)
Are you a skilled Android, iOS, OSX, or Linux malware author, and enjoy damp north-west coastal weather? Well, get out of your parent's basement and apply now to work in a large office with other similarly minded psychotic co-workers. The borg collective needs you, in order to stop its sliding market share! (After all, you can only get so far with frivolous lawsuits.)
Re: (Score:3, Interesting)
FWIW, I see far more frivolous lawsuits from Apple these days than from Microsoft. In fact, when was the last time we talked about a Microsoft lawsuit?
Re: (Score:2)
Is it just Yahoo? (Score:5, Interesting)
I see emails from compromised accounts. The one thing that appears to be common is that it is always from Yahoo accounts. After one of my friends had her Yahoo account compromised, I throughly scanned her PC -- nothing showed up. I scanned the hard drive while connected to a known clean PC, so it wasn't just a well hidden malware.
I am beginning to wonder if there is a vulnerability in Yahoo's security that is being used to compromise accounts.
Re:Is it just Yahoo? (Score:5, Insightful)
nothing shows up because it's not on her pc, i've had spam coming from a former online friend, and more recently spam claiming to come from my own yahoo address.it turns out if you manually set the x-apparently-from yahoo will show that as the sender. yahoo explains it better here http://answers.yahoo.com/question/index?qid=20100725063846AAoDV1T [yahoo.com]
Re:Is it just Yahoo? (Score:5, Interesting)
Her account had to be compromised somehow. The emails were sent using her credentials. Her Yahoo mailbox was modified to delete all the saved emails and contacts, change the password and forward the email elsewhere. It was not simply someone sending email that looked like it came from her account -- it really was sent using her Yahoo account.
She told me that she only checks her email from her PC, at home. She doesn't use open-Wifi points, she doesn't use other PCs. Unless there was some kind of malware the vaporized itself from her PC after stealing her account credentials, or [contrary to what she told me] she really did use another PC to check here email the limited evidence suggest that her account credentials were stolen by a security flaw at Yahoo.
Re:Is it just Yahoo? (Score:5, Interesting)
The answer is a Firefox exploit with an invisible iFrame. I have seen it myself and Hairyfeet noticed the same thing if you browse some porn sites with Firefox after you log in your account will randomly start spamming people.
Basically it is an iframe rogue ad which looks identical to the yahoo email login and it uses javascript to place it over the real yahoo login from yahoo.com. Since the iframe is invisible in Firefox you have no clue and just click on it and give in the username and password.
I wonder if Mozilla fixed this?
Re: (Score:2)
Re: (Score:2)
I'm easily amused.
Re: (Score:2)
How many of these yahoo accounts were the contact address for a LinkedIn account and used the same password?
Re: (Score:2)
One of the people to whom this happened has suffered repeated break-ins to her Yahoo account. After the first compromise, I stressed the importance of not only having a strong password, but making sure that her password was not used elsewhere. So the suggestion that the cause was password re-use fails in at least one case. Also, I am fairly sure that she does not have a LinkedIn account.
Re: (Score:2)
Possibly. To add to your anecdote, a couple months ago my old Yahoo! account got cracked, and I figured it was because I had left a weak password on there (fairly susceptible to a dictionary attack with some variance). So I changed to a stronger password and enabled two factor authentication. Then last week my coworker also got cracked, and she reported that she had a weak password.
Maybe someone got a copy of a Yahoo! hashed password and user name table that they can work against with a computer cluster, or
What if it were iOS....? (Score:2)
We wouldn't let the facts interfere with our theory, would we?
Re: (Score:1)
I'm well aware of this spam (Score:3, Informative)
For roughly the last week I've been using the string from the summary as essentially perfect proof that a message delivery attempt to my server is spam. The fact that Yahoo delivers almost no legitimate mail eases my worries. How the messages are actually originating is irrelevant to me, but bloody Hell there are a lot of 'em.
Every three or four weeks the spammers seem to come up with a new template for the Yahoo spam they send and this is just the latest (actually, there seem to be a couple of huge spam operations running through Yahoo, not counting all the 419 scammers).
Yahoo doesn't accept abuse complaints, and 10,000 Yahoo accounts are openly advertised as costing $137. It's hard to see how this is not a very serious problem that Yahoo should feel obligated to address.
Here's roughly what a representative spam from this campaign looks like, slightly edited with mangled HTML so that Slashdot would display it:
Return-Path: .androidMobile@web140206.mail.bf1.yahoo.com>
Received: from nm23-vm1.bullet.mail.bf1.yahoo.com (98.139.213.141) by
myserver for spamvictim@mydomain>;
Sun, 1 Jul 2012 12:55:08 -0700
Received: from [98.139.212.145] by nm23.bullet.mail.bf1.yahoo.com with NNFMP; 01 Jul 2012 19:41:56 -0000
Received: from [98.139.212.199] by tm2.bullet.mail.bf1.yahoo.com with NNFMP; 01 Jul 2012 19:41:56 -0000
Received: from [127.0.0.1] by omp1008.mail.bf1.yahoo.com with NNFMP; 01 Jul 2012 19:41:56 -0000
X-Yahoo-Newman-Property: ymail-5
X-Yahoo-Newman-Id: 31585.24743.bm@omp1008.mail.bf1.yahoo.com
Received: (qmail 53658 invoked by uid 60001); 1 Jul 2012 19:41:55 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1341171715; bh=XCjzxBAl+aG8gtCEWjueAIJtqJl1qzpQf/Pvh1rDXMQ=; h=Received:X-Mailer:Message-ID:Date:From:Subject:To:MIME-Version:Content-Type; b=nilcBrxhBDZ0vkail/UfvoWOspyAWtrnB4QklyD6KWshJdxlXlynsFBMeRaBWQICEtqEITG+SmghLsJStFOWR+eb39JXx1a5tl6LV/CQc9yIIrdmdR8qsdY3bwaqXYp+OfxsePQCZ0C+AoeJDlmIk0m51VIB1io7Kk9P7iudDok=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Received:X-Mailer:Message-ID:Date:From:Subject:To:MIME-Version:Content-Type;
b=cHirUEK+wuN6DGQSrgiWi6qqyGJFrSO9BVJaVwv664oJ+u1RLo95cHPuIDPutn5hMoTiBFi3zmvjmprGCAVlP3EQDzWDQD6dG6tUO02acOYLJJ3WM9MKCqUKAb/nCAKaQ8xh/bzU1/zC/nQP9WZRidccQUSNChY6+bAhx3tol3E=;
Received: from [190.201.200.221] by web140206.mail.bf1.yahoo.com via HTTP; Sun, 01 Jul 2012 12:41:55 PDT
X-Mailer: YahooMailWebService/0.8.120.356233
Message-ID: ##########.#####
Date: Sun, 1 Jul 2012 12:41:55 -0700 (PDT)
From: Desiree Chinnici DesireeChinnicifo64@yahoo.com>
Subject: FWD: 300% Gain!
To: "noncale@simon.com" noncale@simon.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="--nottherealboundarymarker=:blargh--"
--nottherealboundarymarker=:blargh--
Content-Type: text/plain; charset=us-ascii
Please Enable Images to View this Important Newsletter!
img src="https://public.blu.livefilestore.com/longuniqueidentifier/13.gif?psid=1"/a>
Sent from Yahoo! Mail on Android
--nottherealboundarymarker=:blargh--
Content-Type: text/html; charset=us-ascii
table cellspacing="0" cellpadding="0" border="0">tr>td valign="top" style="font: inherit;">p>/p>
p>Please Enable Images to View this Important Newsletter!
br> /td>/tr>
img src="https://public.blu.livefilestore.com/longuniqueidentifier/13.gif?psid=1"/a>br>br>br>/p>
p>Sent from Yahoo! Mail on Android/p>
--nottherealboundarymarker=:blargh--
microsoft up to their ld tricks? (Score:1)
Idea I have for android malware prevention (Score:2)
I'm not interested in programming myself, but I've always pondered the possibility of blocking certain android permissions with an app.
There is an app called permission denied that will allow you to do this, but it doesn't do so gracefully. When a targeted app does something to utilize the permissions it already assumes the OS has given it, it will typically crash when it can't execute that function due to lack of a try/catch, because the developer normally wouldn't expect to need one there.
So instead of ou
Re: (Score:2)
PDroid [xda-developers.com] does most of that spoofing (though contact lists seem to just be spoofed as empty, not randomized)
MS should understand (Score:2)
Smug bastards and now apparently truly blithering idiots I say.
email forgery (Score:1)
1. First: the example " by CO1EHSMHS003.bigfish.com (10.243.66.13) with Microsoft SMTP Server id 14.1.225.23; Sat, 30 Jun 2012 23:22:47 +0000" points to an "Host 0.66.243.10.in-addr.arpa. not found: 3(NXDOMAIN)".
2. Second: the example "Received: from [redacted]" ?!?! "via HTTP" doesn't point to a particular email sender source.
3. Third: no two different messages must ever have the same Message-ID. The message identifier (msg-id) itself MUST be a globally unique
identifier for a message
Cannot be... (Score:2)
Impossible (Score:1)
Re: (Score:2)
Also, it bears noting the Google typically doesn't deny those stories.
Also, it bears noting that the allegation comes from a direct compititor to the android phone.
Re: (Score:2)
A direct competitor that is already using patent extortion to force android handset makers to pay royalties.
Re: (Score:2)
Also, it bears noting the Google typically doesn't deny those stories.
They did [zdnet.com] on this one. It's even on the summary
Re: (Score:2)
The realistic alternative is that someone's registering a whole bunch of Yahoo! e-mail addresses and pretending to be running an Android device in order to spam with them. Someone in the comments of the original Microsoft blog entry reckons that the e-mail addresses used all have the same format (FirstnameLastname + 2 digits @ yahoo.com) which would be a pretty clear sign they're not just existing accounts that are compromised, and if there was an Android botnet there's no reason why it should reveal it's r