NEWS - August 15, 2012

Aug 15, 2012 3:16AM PDT
Serious Vulnerabilities Remain in Reader After Huge Patch Release, Researchers Say

Adobe patched a huge number of flaws in its Reader software on Windows and Mac OS X on Tuesday, many of which were reported to the company by members of Google's internal security team, which had set up a long-term fuzzing program to look for interesting crashes in the embedded PDF viewer in the Chrome browser. However, the Google researchers said that there are still a number of serious vulnerabilities in the application running on Windows and OS X that Adobe failed to patch and so the researchers have released limited details on the bugs and some advice for users on how to mitigate the risks from the vulnerabilities.

The Google security team began a project earlier this year to find potentially exploitable crashes in Reader, one of the more widely deployed applications on the Web. The team had originally run the test against Chrome's embedded PDF reader and come up with more than 50 bugs, ranging in severity from low to high, and reported them to Adobe. The company fixed all of the high and critical severity vulnerabilities in its patch release yesterday.

Continued : https://threatpost.com/en_us/blogs/serious-vulnerabilities-remain-reader-after-huge-patch-release-researchers-say-081512

Also: Adobe closes numerous critical holes in Reader and Acrobat - Update

Vulnerabilities & Fixes: Adobe Reader / Acrobat Multiple Vulnerabilities


Popular Dirt Jumper DDoS toolkit riddled with security flaws, research finds
Aug 15, 2012 3:46AM PDT

The criminal creators of the hugely popular Dirt Jumper DDoS toolkit appear to have been sloppy with their own security, introducing software vulnerabilities that leave the software's command and control (C&C) servers open to attack, security firm Prolexic has discovered.

Overwhelmingly, the business of DDoS defence is usually about blocking attacks once they start, or finding a conventional route to access the C&C servers on a case-by-case basis, so Prolexic's discovery of flaws in the code itself counts as noteworthy.

Despite Dirt Jumper's well-developed attack features, Prolexic found holes in the simplest part of the program, namely the GUI control panels used to control bots created by it which turned out to be cobbled together using hastily-coded PHP/MySQL scripts.

In Prolexic's words, these proved open to compromise on a number of levels including "weak authentication mechanisms, file inclusion vulnerabilities, directory traversal vulnerabilities, and SQL injections."

Continued : http://news.techworld.com/security/3376047/popular-dirt-jumper-ddos-toolkit-riddled-with-security-flaws-research-finds/

Also:
Researchers Find Flaw in Dirt Jumper Bot
'Kill switch' flaw found in top web weapon, victims sigh with relief

Sirefef infections explode due to new infection technique
Aug 15, 2012 3:46AM PDT

The Sirefef/Zaccess family of Trojans - designed to download other malware, disable the machine's security features, and often make lasting changes to the computer - is usually distributed to unsuspecting victims via email spam campaigns.

But its peddlers have lately changed tack, and have begun bundling the malware with codecs, game installers and crack/keygen applications, Trend Micro warns.

"During the last weeks of July, we received reports from customers that their services.exe files were being patched by an unknown malware," the researchers shared.

As it turned out, the patched file was a component of the Sirefef/Zaccess malware family, and was used to run the malware's other malicious components upon reboot.

"This proved to be a new variant of Sirefef/Zaccess, which now uses user-mode technique to stealthily load its malicious code, instead of using regular rootkit techniques," they said.

Continued : http://www.net-security.org/malware_news.php?id=2223

Google to demote websites with pirated content
Aug 15, 2012 3:46AM PDT

Google receives a lot of URL takedown requests - 4.5 million in the past month alone.

To address this problem, the search giant says it will push "bad" sites (those with allegedly copyright infringing content) further down its ranked search results, with the aim of helping users find quality sources of legal content more easily.

A recent blog post from Amit Singh, Google's senior vice president of engineering, announced that it will use around 200 signals - an important one being the number of 'valid copyright removal notices' - to dictate how their "search algorithms deliver the best possible results." [Screenshot: Google Blog Post]

Sites with a high number of notices will be pushed to the bottom of the pile, but they will not actually be removed. Counter-notice tools will also be available to pursue reinstatement for those wanting to challenge the decision.

Google's Transparency Report stats paint a picture of an overwhelming volume of take-down requests coming from copyright owners and reporting agencies, particularly since May.

Continued: http://nakedsecurity.sophos.com/2012/08/15/google-to-demote-websites-with-pirated-content/

Hackers Post Fake News On Reuters Blogs
Aug 15, 2012 3:46AM PDT

News provider Reuters has had its site hacked again, with a blog carrying erroneous reports of the death of Saudi Arabia's Foreign Minister Prince Saud al-Faisal - days after one of its Twitter accounts was hacked.

A Reuters journalist's blog was used to post the false story and the organisation confirmed it did not report on the claims. The fabricated post has now been deleted from Reuters blogs on Reuters.com.

Reuters has no information on who was behind the hack. It came just a matter of days after the group was hit by two attacks.

Earlier this week, Reuters admitted one of its Twitter accounts was hacked on Sunday and that up to 22 false tweets were posted, mainly related to the civil war in Syria. The tweets carried false information about rebel losses in their battle against government forces, leading to speculation that pro-Assad hackers were behind the hit.

Another journalist's blog was compromised on the same day, as hackers posted a false story claiming to carry an interview with a Syrian rebel leader.

Continued : http://www.techweekeurope.co.uk/news/reuters-blogs-hacke-89427

Also: Hackers Post Fake News Story on Reuters Site

MSRT August '12 - What's the buzz with Bafruz?
Aug 15, 2012 5:18AM PDT

From the Microsoft Malware Protection Center:

For this month's Microsoft Malicious Software Removal Tool (MSRT) release, we will include two families: Win32/Matsnu and Win32/Bafruz. Our focus for this blog will be Bafruz, which is a multi-component backdoor that creates a Peer-to-Peer (P2P) network of infected computers (using C&C, for instance), and includes a nasty list of payloads, as well as unique means of disabling security and antivirus products.

Win32/Bafruz contains components, which achieve a number of objectives for the attacker, such as hijacking Facebook and Vkontakte accounts, launching Distributed Denial of Service attacks, performing Bitcoin mining, downloading malware, and disabling security and antivirus products.

Let's delve a bit further into its payload of disabling security and antivirus products. Upon first receiving this component, it simply appeared to terminate a long list of security processes listed in its code. It also displayed alerts in the system tray similar to those displayed by your run-of-the-mill rogue application, as shown below: [Screenshot]

But unlike your common rogue, there is no mention of any sort of payment required in order to remove this threat. All it asks is for a reboot of the computer.

Continued : http://blogs.technet.com/b/mmpc/archive/2012/08/14/msrt-august-12-what-s-the-buzz-with-bafruz.aspx

Google offers larger rewards to vulnerability hunters
Aug 15, 2012 5:18AM PDT

Following a drop in the number of external researchers reporting security holes, Google has announced that it will be increasing some of the bounties paid as part of its Vulnerability Rewards Program. The program, which first launched in early 2010, pays security researchers for discovering and reporting holes in the company's browsers and in Chromium OS, the open source branch of the minimalist Chrome OS Linux-based operating system built around the Chrome web browser.

Google Software Engineer Chris Evans says that the fall in externally reported security issues signalled that "bugs are becoming harder to find, as the efforts of the wider community have made Chromium significantly stronger". Because of this, the company is updating the reward structure to include additional bonuses of $1,000 or more on top of the standard bounties.

Continued : http://www.h-online.com/security/news/item/Google-offers-larger-rewards-to-vulnerability-hunters-1667836.html

Also: Google ups prizes in Chromium bug bounty program

Twitter + location = WeKnowYourHouse
Aug 15, 2012 6:24AM PDT

Yesterday, we wrote about how Michael Dell's daughter had been too open with details of her family's activities and location, and gave some advice on how to post wisely on social networks. One of our readers, James, then left a comment on the story alerting us to WeKnowYourHouse.com.

Calling itself "another social networking privacy experiment", WeKnowYourHouse scours Twitter for people using the word "home" in their tweets and picks up their associated geolocation, then publishes said tweet to its site along with information about where the tweeter is. [Screenshot]

The site tells you where the person is, plots them on a map, shows you the Google Street View picture of that location, tells you nearby places they've found on Foursquare, crime statistics for the area, local photos posted to Instagram near that location, and even shows an advert where you can "Meet local sl**s". Nice.

Continued : http://nakedsecurity.sophos.com/2012/08/15/twitter-location-weknowyourhouse/