Doctors have reported the first case of someone using the internet while asleep, when a sleeping woman sent emails to people asking them over for drinks and caviar. The 44-year-old woman found out what she had done after a would be guest phoned her about it the next day. While asleep the woman turned on her computer, logged on by typing her username and password then composed and sent three emails. Each mail was in a random mix of upper and lower cases, unformatted and written in strange language. One read: "Come tomorrow and sort this hell hole out. Dinner and drinks, 4.pm,. Bring wine and caviar only." Another said simply, "What the......." If I had known that researchers were interested in unformatted, rambling email I would have let them read my inbox. They could start a whole new school of medicine.

BobB-nw writes "Underground botnet markets and high-profile spam cases headlined the year in tech crime. One of the most disturbing cybercrime trends in 2008, many security analysts say, has been the emergence of a full-blown underground economy where credit card information, identity theft information, and spam and phishing software are all available for relatively low prices. 2008 also saw major developments in the cases against three major spammers in the United States."

John Kelly writes "The current issue of Policy Review has a paper by an American computer scientist and the recent Permanent Undersecretary of Defense for Estonia. Drawing on the Estonian cyber attacks a year and a half ago, as well as other recent examples, they argue that botnets are the major problem. They propose that botnets should be designated as 'eWMDs' — electronic weapons of mass destruction. The paper also proposes a list of reforms that would help to limit the scale and impact of future botnet attacks, beginning with defining and outlawing spam, internationally." Many of the proposed solutions are common-sensical and won't be news to this audience, but it is interesting to see the botnet threat painted in such stark terms for readers of the Hoover Institution's Policy Review. For a more comprehensive overview of cyber-security threats, listen to NPR's interview with security experts on the occasion of the release of a new report, "Securing Cyberspace for the 44th Presidency," which recommends creating a cyber-security czar reporting to the President.

edmicman sends word of a Fox News report about a Michigan State University student who is facing suspension for bulk emailing a number of professors at the university about a proposed change to the school calendar — an e-mail that the university is labeling spam. The article contains links to a copy of the original email, the allegations against the student, and the university's Email Acceptable Use Policy. The student, Kara Spencer, asked a Philadelphia rights organization, FIRE, to get involved. The article quotes the FIRE defense program director: "The fact that MSU is considering punishment of Spencer simply for exercising her right to contact selected faculty members by e-mail shows a disturbing disregard for students' freedom of expression. ... Threatening a member of the student government with suspension for sending relevant, timely e-mails to faculty members is outrageous." Spencer is awaiting the school's judgement after a hearing, and vows to take to the courts if suspended.

darthcamaro writes "In case you needed further proof of China's breakneck pace of growth on the web, InternetNews is reporting on data from Verisign that the .cn Top Level Domain (TLD) has now become the second biggest TLD worldwide, surpassing Germany's .de and second only to .com. The number of .cn sites grew by 76 percent in 2008, which is significantly more growth than .com and .net, which only grew by 16 percent combined. A graph in the Verisign report (PDF) shows how quickly China's internet presence has grown in the past two years."

Smivs points out a blandly-worded story from the BBC with scary implications, excerpting "Remote searches of suspect computers will form part of an EU plan to tackle hi-tech crime. The five-year action plan will take steps to combat the growth in cyber theft and the machines used to spread spam and other malicious programs. It will also encourage better sharing of data among European police forces to track down and prosecute criminals. Europol will co-ordinate the investigative work and also issue alerts about cyber crime sprees."

wiedzmin writes "In response to the recent resurrection of the Srizbi botnet, an Estonian ISP has shut down the hosting company that was housing its new control servers. Starline Web Services, based in Estonia's capital Tallinn, had become the new home for the Srizbi botnet control center after the McColo hosting company (which was taken down earlier this month) has briefly come back to life last week, allowing the botnet to hand-off control to the Estonian network. After Estonia's biggest ISP Linxtelecom demanded that Starline Web Service be taken offline, the newly acquired Srizbi control servers went down with it. However, as the rootkit is armed with an algorithm that periodically generates new domain names where the malware then looks for new instructions, it is only a matter of time before a new set of control servers is created and used to manipulate one of the biggest spam botnets in the world."

CWmike writes "Gregg Keizer reports that the big spam-spewing Srizbi botnet, shut down two weeks ago when McColo was shuttered, has been resurrected and is again under the control of criminals, security researchers said today. As of late Tuesday, infected PCs were able to successfully reconnect with new command-and-control servers, which are now based in Estonia, said Fengmin Gong, chief security content officer at FireEye. The comeback confirms what researchers noted last week, that Srizbi had a fallback strategy. So, in the end, that strategy paid off for the criminals who control the botnet."

damn_registrars writes "A US District judge has awarded $873 million dollars to Facebook in a default judgment against a spammer who sent messages to Facebook users about drugs and sex. This is the highest award so far in a civil suit under the CAN-SPAM Act."

mblase writes "Wolfram Research has released the seventh version of Mathematica, and it does a lot more than symbolic algebra. New features range from things as simple as cut-and-paste integration with Microsoft Word's Equation Editor to instant 3D models of mathematical objects to the most expensive clone of Photoshop ever. Full suites of genome, chemical, weather, astronomical, financial, and geodesic data (or support for same) is designed to make Mathematica as invaluable for scientific research as it is for mathematics."

A week ago we discussed the takedown of McColo (and the morality of that action). McColo was reportedly the source of anywhere from 50% to 75% of the world's spam. On Saturday the malware network briefly returned to life in order to hand over command and control channels to a Russian network. "The rogue network provider regained connectivity for about 12 hours on Saturday by making use of a backup arrangement it had with Swedish internet service provider TeliaSonera. During that time, McColo was observed pushing as much as 15MB of data per second to servers located in Russia, according to ... Trend Micro. The brief resurrection allowed miscreants who rely on McColo to update a portion of the massive botnets they use to push spam and malware. Researchers from FireEye saw PCs infected by the Rustock botnet being updated so they'd report to a new server located at abilena.podolsk-mo.ru for instructions. That means the sharp drop in spam levels reported immediately after McColo's demise isn't likely to last."

CWmike writes "Few tears were shed when alleged spam and malware purveyor McColo was suddenly taken offline last Tuesday by its upstream service providers. But behind the scenes of the McColo case and another recent takedown of Intercage, a ferocious struggle is taking place between the purveyors of Web-based malware and loosely aligned but highly committed groups of security researchers who are out to neutralize them. Backers claim that the effort to shut down miscreant ISPs is needed because of the inability of law enforcement agencies to deal with a problem that is global in nature. But some question whether there is a hint of vigilantism behind the takedowns — even as they acknowledge that there may not be any other viable options for dealing with the problem at this point."

eldavojohn writes ""Some of your classmates are trying to contact you!" reads one e-mail. Attempts to remove yourself from the mailing list may only result in more mailings from the site of ill repute. Well, Ars Techica brings us news of a suit against Classmates.com. You don't need to look far for anti-classmates.com sentiment spreading like wild fire across the tubes." Good next target: ads that say "you've already won" some expensive toy.

ESCquire writes "Apparently, the Washington Post Blog 'Security Fix' managed to shut down McColo, a US-based hosting provider facilitating more than 75 percent of global spam. " Now how long before the void is filled by another ISP?

An anonymous reader points out a story in the Washington Post, which begins: "A single response from 12 million e-mails is all it takes for spammers to turn annual profits of millions of dollars promoting knockoff pharmaceuticals, according to an unprecedented new study on the economics of spam. Over a period of about a month in the Spring of 2008, researchers at the University of California, San Diego and UC Berkeley sought to measure the conversion rate of spam by quietly infiltrating the Storm worm botnet, a vast collection of compromised computers once responsible for sending an estimated 20 percent of all spam." The academic paper (PDF) is also available. We've previously discussed another group of researchers who were able to infiltrate the botnet for a different purpose.

Michael J. Ross writes "As Internet users' expectations continue to ratchet upwards, it is increasingly essential that every Web site owner maximize the chances that those users will find the site in question, and, once found, that the site will perform well enough that those visitors become customers or members, and recommend the site to others. Key elements of a successful strategy include optimization for search engines, pay-per-click advertising, and visitor conversion, as well as responsive Web pages and fine-tuning of all the above, using various metrics. These topics and others are explored in Website Optimization: Speed, Search Engine & Conversion Rate Secrets by Andrew B. King." Keep reading for the rest of Michael's review.

chronopunk writes "Normally when you think of firmware updates for a router you would expect security updates and bug fixes. Would you ever expect the company that makes the product to try and sell you a subscription for security software using its firmware as a salesperson? I recently ran into this myself when trying to troubleshoot my router. I noticed when trying to go to Google that my router was hijacking DNS and sent me to a website trying to sell me a software subscription. After upgrading your D-link DIR-655 router to the latest firmware you'll see that D-link does this, and calls the hijacking a 'feature.'"

A Cow writes "The Tribler BitTorrent client, a project run by researchers from several European universities and Harvard, is the first to incorporate decentralized search capabilities. With Tribler, users can now find .torrent files that are hosted among other peers, instead of on a centralized site such as The Pirate Bay or Mininova. The Tribler developers have found a way to make their client work without having to rely on BitTorrent sites. Although others have tried to come up with similar solutions, such as the Cubit plugin for Vuze, Tribler is the first to understand that with decentralized BitTorrent search, there also has to be a way to moderate these decentralized torrents in order to avoid a flood of spam."

Just because I'm an writes "The Sydney Morning Herald reports that Kevin Bermeister and Michael Speck have been developing technology to return search results on file sharing programs that point to pay-for content from the copyright holders. The article reports that there are trials planned for Australian ISPs, with interest from elsewhere on the globe."

Smivs writes "The BBC report on a new gizmo that can block/filter spam phone calls. The system basically intercepts all calls. If it recognizes them as a friend or a member of the user's family — numbers on the so-called star list created by the user — it lets them through as normal. If the caller's number is on a zap list — numbers of telemarketers or other nuisance callers — the device answers it, and all future calls from that number, with an automated message which means the phone does not ring at all. If the system doesn't recognize the caller's number, or the caller withholds their number, it asks them who they are, puts them on hold and then rings the user's phone. The user has the option of taking the call, having the system take a message, or they can reject the call and add the number to the 'zap' list. Users can add callers to their 'star' list by pressing the star button on their phone at any point during a call." So wait, they can't spam me twice? If I press a button? And if they actually show their phone number on my caller ID? What about the auto insurance scammers that hit me 10x/week?