
Welcome to Zero Day's Week In Security, our roundup of notable security news items for the week ending February 27, 2015. Covers enterprise, controversies, reports and more.
- Almost a week after revelations surfaced that Lenovo preinstalled dangerous ad-injecting software on consumer laptops, attackers took complete control of the company's valuable Lenovo.com domain name, a coup that allowed them to intercept the PC maker's e-mail and impersonate its Web pages. The new IP address pointed to a site hosted behind CloudFlare's name servers; CloudFlare engineers helped Lenovo restore the website and its properties. Lenovo was also hit this week with a class action lawsuit.
- Lavasoft this week was found to have malicious code in its security software, specifically Lavasoft's Ad-Aware Web Companion. The culprit was the same certificate company used by Superfish: Lavasoft had licensed a software development kit from a company called... Komodia.
- Meanwhile, Superfish and other software containing the same HTTPS-breaking code (Komodia) may have posed more than a merely theoretical danger to Internet users. Researchers have uncovered evidence suggesting the critical weakness may have been exploited against real people visiting real sites, including Gmail, Amazon, eBay, Twitter, and Gpg4Win.org, to name just a few.
- Al-Jazeera has obtained hundreds of confidential "spy cables" from some of the world's top intelligence agencies (as recent as 2014), in what the news channel is calling "the largest intelligence leak since Snowden." Documents from Britain's MI6 and Israel's Mossad are included, along with the Russian FSB, South African SSA and the Australian ASIO. (No American intelligence agencies appear to be included.) Al-Jazeera is publishing the leaks in conjunction with the Guardian, promising that they will provide "an unprecedented insight into operational dealings of the shadowy and highly politicised realm of global espionage."
- GameOver Zeus hacker bounty: In a release this week, the FBI announced it is offering a $3 million reward for anyone who helps it catch Russian hacker Evgeniy Mikhailovich Bogachev. He is allegedly the mastermind of the GameOver Zeus malware gang that has made a fortune by infecting computers and breaking into online bank accounts.
- Target this week released its Q4 and 2014 earnings reports, which show that the company is still feeling the sting of its big breach: $191 million in expenses related to the hack attack.
Internationally recognised incident response flowchart from @b3ll #owaspnz pic.twitter.com/rFLFiRGaEO
-- Morgan Pyne (@morganpyne) February 26, 2015
- Facebook paid out $1.3 million to developers and security enthusiasts through its bug bounty program last year, according to an annual update from the social network. That's down from $1.5 million in 2013, but the pool of bug submissions grew by 16 percent to 17,011 over the course of the year -- up from 14,763 entries in 2013. Meanwhile, Google canceled its annual Pwnium competition to accept year-round bug discoveries.
- The Ramnit botnet has been disrupted in a joint operation of law enforcement agencies led by Europol. Europol's European Cybercrime Centre (EC3) and law enforcement agencies from Germany, Italy, the Netherlands, and the United Kingdom have completed an operation to take down the botnet, which is believed to have infected 3.2 million computers around the globe. The successful project, revealed on Tuesday by Europol, involved taking down the botnet with the help of Microsoft, Symantec and AnubisNetworks.
- D-Link remote access vulnerabilities remain unpatched: D-Link routers have several unpatched vulnerabilities, the worst of which could allow an attacker to gain total control over a device, according to a systems engineer in Canada.
- SIM card maker Gemalto has confirmed that its network was hacked - probably by the NSA and GCHQ - but said the breach could not have resulted in a massive theft of encryption keys. The company noticeably downplayed the breach, causing cybersecurity experts and pundits to express significant skepticism of Gemalto's conclusions.