Here's how to avoid the latest "ZOMG SCARY ANDROID BOTNET SCARY SCAM!!!" of the week.
- Don't click on obviously spammy text messages from people you don't know.
- Don't click on obviously spammy text messages from people you do know.
- Don't leave leave your phone's built-in security features turned off unless you absolutely need to.
If it seems like we've been here before, well, we have. This week's worry is "SpamSoldier," which uses an infected phone to send a bunch of spammy SMSs to other phones, inviting them to download free apps or games or other free offers that, of course, are trojans that then send hundreds of spammy SMSs to your contacts. It's the evil cycle of life.
SpamSoldier is masquerading as a number of Android applications, including Need For Speed, Max Payne, Angry Birds Star Wards HD, and various versions of Grand Theft Auto. Those fake apps are being hosted outside of Google Play, though. As we've said before -- if you wander off the reservation, you take your chances. In this case, though, you're being incited to download via a spam text message.
Any sort of botnet like this -- in which spammers are using your device to propagate their spam -- is bad. But it's also no different than if you fall for the same sort of thing on your PC. Again, your Android phone is more like a computer than not.
But we're not all that worried about this one. First off, two of the sources reporting on SpamSoldier (Lookout and Cloudmark), are calling it "relatively limited" and "unsophisticated." Of course, those qualifiers are tucked into several hundreds scarier words. (Hope you didn't miss 'em!) Cloudmark does a better job breaking down the individual apps (with hashes) and originating domains. If you're really worried about all this, start there.
Are we worried about this one? Not so much.
There are a number of steps you have to take for SpamSoldier to be an issue. You have to (first) receive the spammy text, (then) fall for the spammy text, (then) click the link, (and then) install the spammy botnet spam app. And that's assuming you've checked the "allow installation of apps from unknown sources" box that's in your security settings, or fallen for the instructions in the spammy text. (See? There's a reason that setting exists.)
Frankly, the FUD flying around this SpamSoldier likely will cause more damage than the the spam SMS ring itself.