A recap of IT security news for the past week includes malware targeting Android devices, the investigation into "Operation Payback" and more.
From malware targeting Google Android phones to news about the feds striking
back at "Operation Payback" attackers, the final week of 2010 was
anything but uneventful.
Researchers at Lookout Mobile Security uncovered a sophisticated
Trojan in the wild dubbed "Geinimi" going after Android devices
According to Lookout, the Trojan displays "botnet-like capabilities"
and is being grafted onto repackaged versions of legitimate applications
distributed in third-party Chinese Android app stores.
"To download an app from a third-party app store, Android users need to
enable the installation of apps from 'Unknown sources' (often called 'sideloading'),"
according to the Lookout blog. "Geinimi could be packaged into
applications for Android phones in other geographic regions. ... There are a
number of applications-typically games-we have seen repackaged with the Geinimi
Trojan and posted in Chinese app stores, including Monkey Jump 2, Sex
Positions, President vs. Aliens, City Defense and Baseball Superstars 2010. It
is important to remember that even though there are instances of the games
repackaged with the Trojan, the original versions available in the official
Google Android Market have not been affected."
The firm advised Android users to only download apps from trusted sources,
and to always check the permissions an application requests.
On Dec. 29, Microsoft warned that attack code had
appeared targeting a critical vulnerability in Microsoft
Word patched in November. The bug in question is the RTF Stack Buffer
Overflow Vulnerability addressed
with MS10-087. The company advised users to patch the bug, which could be
used by attackers to potentially take control of a vulnerable system.
Also during the week, news
hit that federal authorities raided a Dallas-based server farm last
month as part of their assault on the WikiLeaks supporters behind "Operation
Payback," a series of denial-of-service attacks against businesses that
have cut ties with the whistleblower site. According to a federal affidavit
obtained by the Smoking Gun Website, the server farm was linked to the attack
on the PayPal Website.
4chan message board, a discussion forum used by Anonymous-the cyber-group
behind Operation Payback-was itself hit with a denial-of-service attack Dec.
"We now join the ranks of MasterCard, Visa, PayPal, et al.-an exclusive
club!" 4chan founder Christopher "moot" Poole
wrote in a blog post.
Carder.cc, a known forum for trading stolen credit cards, was among
six sites hit with attacks Dec. 25, according to an online newsletter
published by the hackers themselves. In the second issue of "Owned and
Exposed," the attackers also listed ettercap, exploit-db, backtrack,
inj3ct0r and free-hack. While free-hack was taken down for being "lame
script kiddies," the other sites had criminal ties or were security
experts who "fail so hard at security that we wonder why people really
take their training courses," according to the e-zine.