Google Android Trojan, FBI Raid Linked to Operation Payback Lead Security News

A recap of IT security news for the past week includes malware targeting Android devices, the investigation into "Operation Payback" and more.

From malware targeting Google Android phones to news about the feds striking back at "Operation Payback" attackers, the final week of 2010 was anything but uneventful.

Researchers at Lookout Mobile Security uncovered a sophisticated Trojan in the wild dubbed "Geinimi" going after Android devices in China. According to Lookout, the Trojan displays "botnet-like capabilities" and is being grafted onto repackaged versions of legitimate applications distributed in third-party Chinese Android app stores.

"To download an app from a third-party app store, Android users need to enable the installation of apps from 'Unknown sources' (often called 'sideloading')," according to the Lookout blog. "Geinimi could be packaged into applications for Android phones in other geographic regions. ... There are a number of applications-typically games-we have seen repackaged with the Geinimi Trojan and posted in Chinese app stores, including Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and Baseball Superstars 2010. It is important to remember that even though there are instances of the games repackaged with the Trojan, the original versions available in the official Google Android Market have not been affected."

The firm advised Android users to only download apps from trusted sources, and to always check the permissions an application requests.

On Dec. 29, Microsoft warned that attack code had appeared targeting a critical vulnerability in Microsoft Word patched in November. The bug in question is the RTF Stack Buffer Overflow Vulnerability addressed with MS10-087. The company advised users to patch the bug, which could be used by attackers to potentially take control of a vulnerable system.

Also during the week, news hit that federal authorities raided a Dallas-based server farm last month as part of their assault on the WikiLeaks supporters behind "Operation Payback," a series of denial-of-service attacks against businesses that have cut ties with the whistleblower site. According to a federal affidavit obtained by the Smoking Gun Website, the server farm was linked to the attack on the PayPal Website.

The 4chan message board, a discussion forum used by Anonymous-the cyber-group behind Operation Payback-was itself hit with a denial-of-service attack Dec. 28.

"We now join the ranks of MasterCard, Visa, PayPal, et al.-an exclusive club!" 4chan founder Christopher "moot" Poole wrote in a blog post., a known forum for trading stolen credit cards, was among six sites hit with attacks Dec. 25, according to an online newsletter published by the hackers themselves. In the second issue of "Owned and Exposed," the attackers also listed ettercap, exploit-db, backtrack, inj3ct0r and free-hack. While free-hack was taken down for being "lame script kiddies," the other sites had criminal ties or were security experts who "fail so hard at security that we wonder why people really take their training courses," according to the e-zine.