Spyware, viruses, & security forum: NEWS - December 18, 2012

A flaw in the Android kernel on some Samsung devices can expose those handsets to attack from malicious apps, according to a post on a mobile developer forum over the weekend.

The Samsung implementation of the Android kernel allows read/write access to all physical memory on the device, including the kernel, a user named "alephzain" posted on XDA Developers on Saturday. The vulnerability was found in the Galaxy S III that had not yet been flashed with ODIN, alephzain said. While the flaw would make it easy to root the device, it also meant the device was open to various attacks by malicious apps, such as kernel code injection and memory dumps.

The members on XDA Developers look for vulnerabilities in mobile devices that can be exploited to give users root access, after which users can install custom versions of Android. In this case, the vulnerability gives attackers a very easy way to exploit the handset for malicious users.

Continued : http://securitywatch.pcmag.com/none/306086-samsung-android-bug-found-in-some-galaxy-s-ii-s-iii-devices

Also:
Root Exploit in Devices with Samsung's Exynos Processors
Exynos 4 critical security hole affects many Galaxy devices
Kernel vulnerability places Samsung devices at risk

Anti-Spam vendor Cloudmark recently spotted something new in the world of mobile threats: an Android-based SMS botnet. While the company describes the effort and overall operation of the botnet as primitive, the concern is that this is only the beginning.

Mobile botnets have always been a concern, especially given the explosion of mobile consumption in the U.S. alone. Everyone, from ages 12-60 it seems, has a mobile device somewhere, and for the most part if it isn't Apple, it's Android. Given that many of the Android devices on the market have a wide range of installation versions, the attack surface is wide - leading to speculation as far back as 2010 that mobile botnets were coming.

Now it appears they have. Again, Cloudmark calls this recent discovery primitive, but it still managed to appear on 800 phones in the U.S. alone, and earlier this month was blasting some 500,000 SMS messages a day. The victims have no idea their phone is infected, even though the process of installing the malware included granting explicit permission to the criminals.

Continued : http://www.securityweek.com/criminals-test-android-based-sms-botnet-moderate-success

Also:
New Android malware makes spam-texting more economical
Android Trojan Apps Build SMS Botnet

.. program

"Batchwiper follows the discovery of Flame and other malware targeting the region."

Iranian computers are being targeted by malware that wipes entire disk partitions clean, according to an advisory issued by that country's Computer Emergency Response Team Coordination Center.

Dubbed Batchwiper, the malware systematically wipes any drive partitions starting with the letters D through I, along with any files stored on the Windows desktop of the user who is logged in when it's executed, according to security researchers who independently confirmed the findings. The reports come seven months after an investigation into another wiper program targeting the region led to the discovery of Flame, the highly sophisticated espionage malware reportedly designed by the US and Israel to spy on Iran. Wiper, as the earlier wiping program is known, shared a file-naming convention almost identical to those used by the state-sponsored Stuxnet and Duqu operations, an indication it may have been related, security researchers said.

Continued : http://arstechnica.com/security/2012/12/iranian-computers-attacked-by-new-malicious-data-wiper-program/

Related:
A new targeted Trojan, Batchwiper, wipes data from drives
Another data-wiping malware program found in Iran
Trojan.Batchwiper Reported in Iran

Anonymous has posted personal data of many members of the Westboro Baptist Church and is promising to shut down the religious sect after it announced plans to protest the funerals of those killed at Sandy Hook Elementary School last week.

"We have unanimously deemed your organization to be harmful to the population of the USA, and have therefore decided to execute an agenda of action which will progressively dismantle your institution of deceitful pretext and extreme bias, and cease when your zealotry runs dry," the hacking group said in the now-traditional video.

"We recognize you as serious opponents, and do not expect our campaign to terminate in a short period of time. Attrition is our weapon, and we will waste no time, money, effort, and enjoyment, in tearing your resolve into pieces, as with exposing the incongruity of your distorted faith."

The upload to Pastebin shows names, addresses, birth dates, emails, and phone numbers for many of the WBC members, along with domain details for the many sites it owns, including godhatesfags.com, beastobama.com, and godhatesthemedia.com. That's pretty basic stuff, but Anonymous claims this is just the start.

Continued : http://www.theregister.co.uk/2012/12/17/anonymous_westboro_baptist_hack/

Also: Anonymous continues its hack offensive against Westboro Baptist Church

"Broke email accounts of numerous celebrities"

A man who hacked dozens of email accounts belonging to Hollywood celebrities including Scarlett Johansson has been handed a tough ten year jail sentence by a US court.

Charged by police in October 2011, 35 year-old Christopher Chaney from Florida was accused of breaking into the Yahoo, Gmail and Apple email accounts of a large number of notables using password reset attacks, posting and offering the private data he stole to gossip websites.

Although several famous people were victims of his attacks from late 2010 onwards, but it was topless photographs he posted of Scarlett Johansson that formed the media centrepiece of the case.

The court watched a video-taped statement in which the tearful actress described how she had been "truly humiliated and embarrassed" by the exposure.

Continued : http://news.techworld.com/security/3417044/scarlett-johansson-hacker-gets-10-year-jail-stretch/

Also:
Man who hacked Scarlett Johansson's email gets a whopping ten years in prison
Naked Scarlett Johansson pic snatch bloke gets 10 YEARS
Hollywood Celebrity Hacker Sent to Jail