Earlier this month, Microsoft engineer Terry Zink said he had discovered spam being sent from compromised Yahoo accounts by what looked like an international Android spam botnet.
He stated that the messages all come from Yahoo Mail servers. They are all from compromised Yahoo accounts. They are all sending stock spam, the typical pump-and-dump variety that we’ve seen for years. Furthermore, they all have the 'Sent from Yahoo! Mail on Android' text at the bottom of their spam.
Google, however, disputed the claim that the spam was sent from an Android botnet, stating that the spammers behind it may have used infected PCs and a fake mobile signature in an attempt to bypass email filters.
Security researchers at Lookout have identified a security hole in the Yahoo! Mail app for Android, which they believe to be responsible for the so-called mobile spam botnet. Today, Trend Micro experts have confirmed the existence of the vulnerability.
They couldn’t say precisely whether the vulnerability is in fact responsible for the spam sent out from mobile phones, but the fact that they independently point to the same weakness as a possible cause makes this scenario even more plausible.
The vulnerability discovered by the researchers allows an attacker to gain access to a user’s Yahoo! Mail cookie.
This bug stems from the communication between the Yahoo! mail server and the Yahoo! Android mail client. By obtaining this cookie, the attacker can use the compromised Yahoo! Mail account to send specially crafted messages. The bug also enables an attacker to gain access to the user’s inbox and messages.