We all know that botnets are nasty conflagrations of unsuspecting peers, all ruthlessly controlled by bot herders and their C&C servers. And if there’s any one thing that we’ve learned about botnets, it’s that they’re the gold standard for anyone bent on unleashing mayhem on a world that’s become far too reliant on interconnectivity. But up until now, botnets have generally been understood to be prevalent on Windows machines, with Mac and Linux pulling up the rear as newbies to the party. And while it’s true that both of the former platforms have presented themselves as candidates for a career in botism, the sheer number of Windows PCs out there makes Windows the natural platform of choice. After all, that’s what botnets are all about. Numbers.
But our world may be changing quicker than we’d like it to, if a new finding by security firm Lookout has any modicum of truth (spoiler alert: it does). In a blog post on December 17, Derek Halliday at Lookout blogged that there’s a new zombie master at the party, and it doesn’t wear the colors of Windows, Mac OS, or Linux. In fact, it doesn’t even occupy a desktop. As several media outlets are reporting, an Android botnet sporting the open-source colors of the ubiquitous operating system has been discovered gracing phones and tablets everywhere. In fact, the botnet has “already been spotted on all major US carriers and has the potential to make a big impact at the network level if it isn’t dealt with soon,” according to thenextweb.com.
Lookout detected the problem on December 3, while working in conjunction with an unnamed carrier. Dubbed “SpamSoldier,” (how cool is that? Just saying) the botnet is currently limited to propagating through SMS. “SpamSoldier is primarily spread through SMS messages that advertise free versions of popular paid games like Need for Speed or Angry Birds Space. Once the user clicks on a link from one of these SMS messages, their phone downloads an application that claims to install the game. By opening that ‘installer’ app, the user is activating the SpamSoldier Trojan.”
According to thenextweb.com, the infection is delivered in any number of SMS spam messages, and they cite these examples:
“You’ve just won a $1000 Target gift card but only the 1st 1000 people that enter code 7777 at hxxp://holyoffers.com can claim it!
Download Grand Theft Auto 3 & Need for Speed Most Wanted for Android phones for free at hxxp://trendingoffers.com for next 24hrs only!”
Once installed, SpamSoldier removes its icon from the launcher and may even install the game that enticed the user to click, in order to cover its tracks. It goes to work right away, connecting to the Command and Control server to get its orders, going to work by spreading joy throughout the universe in the form of SMS messages. The C&C server gives the zombie a list of 100 numbers to spam and a spam message to deliver. Once it’s done its job, it talks to the C&C again, repeating the process until the application is closed or the C&C server fails to respond. So right away, infected users can expect to incur costs for vast amounts of text messages, an unwelcome surprise, even when it’s not Christmastime and your credit card isn’t maxed out.
Lookout downplays the impact of this initial finding, but cautions that it could, and probably will, get worse. “It appears that the distribution of this malware is limited. Overall detections remain low but we’ve observed instances on all major US carriers. The potential impact to mobile networks may be significant if the threat goes undetected for a long period of time. The primary negative impact appears to be the large amount of SMS messages sent and the potential this has to result in charges to the user and/or a slowdown of the carrier’s network.”
The discovery of SpamSoldier only tells us what we already knew: Android is a breeding ground for the next wave of spam and security threats. Botnets are a numbers game. The more zombies in the mesh, the broader the possibilities, and recent reports show that Google’s Android is well on its way to turning the world into a Will Smith kind of world, with robots turning against their makers in a revolution that will make the storming of the Bastille look like a day at the amusement park. Okay, that last part is pure fantasy, but here’s what we do know: Android is everywhere. That this was an SMS campaign shouldn’t give comfort to IT and networking professionals, when you consider the opportunities that these email-aware devices pose to bot herders.