Malware has been spreading on Android mobile phones that takes control of certain email accounts to create a "botnet" to send out spam, a security researcher said this week.
Microsoft security engineer Terry Zink said the malware has infected phones of users' Yahoo email accounts to send out spam messages.
"We've all heard the rumors, but this is the first time I have seen it -- a spammer has control of a botnet that lives on Android devices," Zink said in a blog post Tuesday.
"These devices login to the user's Yahoo Mail account and send spam."
He said the phones appear to be located in Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela.
"I've written in the past that Android has the most malware compared to other smartphone platforms, but your odds of downloading and installing a malicious Android app is pretty low if you get it from the Android Marketplace," he said.
"But if you get it from some guy in a back alley on the Internet, the odds go way up."
He added that users in the developed world "usually have better security practices and fewer malware infections than users in the developing world."
"I am betting that the users of those phones downloaded some malicious Android app in order to avoid paying for a legitimate version and they got more than they bargained for," Zink said.
"Either that or they acquired a rogue Yahoo Mail app."
A report earlier this year by the security firm AV-Test found some Android downloaded malicious code after installation and said this is more common in the Google Android system than in the Apple ecosystem which has stricter security policies.
Google has a security system known as Bouncer to scan for malware but some experts recommend additional protection for phones using the platform.
Many could lose Internet service worldwide on Monday
The warnings about the Internet problem have been splashed across Facebook and Google. Internet service providers have sent notices, and the FBI set up a special website.
But hundreds of thousands of people around the world may still lose their Internet service on Monday unless they do a quick check of their computers for malware that could have taken over their machines more than a year ago.
Despite repeated alerts, the number of computers that probably are infected is more than 277,000 worldwide, down from about 360,000 in April.
Users whose computers are still infected Monday will lose their ability to go online, and they will have to call their service providers for help deleting the malware and reconnecting to the Internet.
The problem began when international hackers ran an online advertising scam to take control of more than 570,000 infected computers around the world. When the FBI went in to take down the hackers late last year, agents realized that if they turned off the malicious servers being used to control the computers, all the victims would lose their Internet service.
In a highly unusual move, the FBI set up a safety net. They brought in a private company to install two clean Internet servers to take over for the malicious servers so that people would not suddenly lose their Internet.
But that temporary system will be shut down at 12:01 a.m. EDT Monday (0401 GMT; 8AM UAE time), July 9.
Most victims don't even know their computers have been infected, although the malicious software probably has slowed their Web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.
But popular social networking sites and Internet providers have gotten more involved, reaching out to computer users to warn of the problem.
According to Tom Grasso, an FBI supervisory special agent, many Internet providers are ready for the problem and have plans to try to help their customers. Some, such as Comcast, already have reached out.
The company sent out notices and posted information on its website. Because the company can tell whether there is a problem with a customer's Internet server, Comcast sent an email, letter or Internet notice to customers whose computers appeared to be affected.
Grasso said other Internet providers may come up with technical solutions that they will put in place Monday that will either correct the problem or provide information to customers when they call to say their Internet isn't working. If the Internet providers correct the server problem, the Internet will work, but the malware will remain on victims' computers and could pose future problems.
In addition to individual computer owners, about 50 Fortune 500 companies are still infected, Grasso said.
Both Facebook and Google created their own warning messages that showed up if someone using either site appeared to have an infected computer. Facebook users would get a message that says, "Your computer or network might be infected," along with a link that users can click for more information.
Google users got a similar message, displayed at the top of a Google search results page. It also provides information on correcting the problem.
To check whether a computer is infected, users can visit a website run by the group brought in by the FBI: http://www.dcwg.org .
The site includes links to respected commercial sites that will run a quick check on the computer, and it also lays out detailed instructions if users want to actually check the computer themselves.