1. "FBI: Operation Bot Roast Finds Over 1 Million Botnet Victims,"
June 13, Network World

The bad food pun aside, the FBI and the U.S. Department of Justice, say that their ongoing Operation Bot Roast cybercrime initiative is working. More than 1 million botnet crime victims have been identified and cybercriminals are being cooked (sorry!) as a consequence. Bots are of enormous concern -- Gartner recently predicted that 75 percent of enterprises "will be infected with undetected, financially motivated, targeted malware that evaded traditional perimeter and host defenses." At least one in 10 Web pages contain malware, according to Google. A relatively small number of bots can lead to millions of incidents and most people who have bots on their computers have no idea that their machines have been compromised or that their personal information is being harvested for nefarious purposes.

2. "New Type of Image Spam Hides in E-mail Wallpaper,"
June 13, Network World

This week brought another warning about "image spam." Security researchers found a new type of image spam that stays out of view of many filters by embedding text in the HTML template of e-mail stationery. Such stationery often contains a company logo or the name and contact information of the sender, akin to traditional letterhead. Antispam programs that are set to ignore that type of background or wallpaper won't detect this newly discovered version of image spam, which is the latest spam technique to keep security researchers up at night. They warn that e-mail users should expect to see more spam making its way to inboxes as a consequence.

3. "Personal Data on 17,000 Pfizer Employees Exposed; P2P App Blamed,"
June 12, Computerworld

Here's a cautionary tale to keep handy for the next time someone questions policies about unauthorized software on computers -- a Pfizer employee installed unauthorized file-sharing software on a company laptop she uses at home and wound up exposing Social Security numbers and other personal data of some 17,000 current and former employees of the pharmaceutical giant. Worse yet, the personal information of about 15,700 of those employees was accessed and copied by an unknown number of people using a P-to-P network. The company has alerted current and former employees as well as state attorneys general. The matter is being investigated by Connecticut Attorney General Richard Blumenthal, who wants Pfizer to explain to him what protective measures were in place before the breach, when the breach was discovered and what the company did to respond. He also wants to know how Pfizer can tell what data was compromised. He wants answers by June 22. Pfizer's general counsel said that the laptops was taken from the employee and the unauthorized software was removed from it.