
SC News Bytes

New malicious email campaign targets Facebook users

A large wave of malicious emails claiming to come from Facebook began hitting inboxes this morning, according to researchers at messaging security firm AppRiver. The emails contain the subject line "Facebook Support" and purport to be from "Facebook office." Recipients are told their Facebook accounts have been blocked due to spam activity and they must use a new password, which is included in an attachment. However, the attachment actually contains a variant of the Oficla downloader, which has been known to install rogue anti-virus programs and the Zeus trojan. AppRiver has detected more than 100,000 of the messages. - DK
 

Adobe X released with new sandboxing feature

Adobe X, the latest version of Adobe Reader, was released on Thursday and includes a new security feature designed to mitigate attacks against the popular PDF software. The new capability, called "Protected Mode," will force operations that display PDF files to the user to be run inside a confined environment, known as a sandbox, in which certain functions are prohibited. The functionality will help prevent attackers from writing files or installing malware on a victim's computer, Brad Arkin, senior director of product security and privacy at Adobe, wrote in a blog post Thursday. The capability is similar to technologies used in the Google Chrome web browser and Microsoft Office 2010, Arkin said. - AM
 

Web traffic rerouted through China

For at least 18 minutes on April 8, 15 percent of the globe's internet traffic was rerouted through China, according to a post Wednesday on the McAfee blog. This included transmissions from U.S. military and government networks, as well as from commercial players, all of which could have been intercepted, logged and altered. There is as yet no clear answer as to how this occurred or whether it was deliberate, but it certainly was "one of the biggest routing hijacks we have ever seen," said McAfee. - GM
 

Palin hacker sentenced to one year in custody

The student convicted of hacking into the Yahoo email account of Sarah Palin while she was the Republican candidate for vice president has been sentenced to one year and one day inside a halfway house, according to reports. David Kernell, 22, was found guilty in late April on charges of unlawful computer access and obstruction of justice. Kernell was a 20-year-old economics student at the University of Tennessee in 2008 when he hacked his way past security questions to access Palin's personal email account. Kernell gained access by providing Palin's birth date and ZIP code to Yahoo's password retrieval system. Prosecutors had sought an 18-month prison sentence. - AM
 

Barracuda first security vendor to pay for bug finds

Email and web security provider Barracuda Networks announced Tuesday that it has launched a bug bounty program, becoming what is believed to be the first security vendor to award money to researchers who uncover vulnerabilities in its product line. Flaw finders can cash in between $500 and $3133.70 for locating bugs that compromise confidentiality, availability, integrity or authentication, according to Barracuda. Software providers such as Google and Mozilla offer similar programs. - DK
 

O'Reilly, Coulter DDoSer sentenced to 30 months

A former University of Akron student was sentenced Friday to 30 months in prison for using the school's computer network to control a botnet and launch distributed denial-of-service (DDoS) attacks against conservative websites belonging to Bill O'Reilly, Ann Coulter and Rudy Giuliani. Mitchell Frost, 23, of Bellevue, Ohio, admitted that in 2006 and 2007 he scanned the internet for vulnerable computer networks to access and take control of, and then used the botnet to initiate DDoS attacks that temporarily interrupted the operation of www.billoreilly.com, www.anncoulter.com and www.joinrudy2008.com. He also must serve three years of supervised release. - DK
 

Adobe patches Flash for 18 vulnerabilities

Adobe on Thursday patched a previously known "critical" Flash Player vulnerability, disclosed last week. The flaw, which could cause a crash or allow an attacker to take control of an affected system, also is present in Reader and Acrobat, where it is being actively exploited. Adobe has said it is not aware of any attacks targeting Flash. The Flash update, which includes fixes for 17 other bugs, affects version 10.1.85.3 and earlier for Windows, Macintosh, Linux and Solaris. An update to Reader and Acrobat is due during the week of Nov. 15. - DK
 

Two alleged Zeus mules arrested in Wisconsin

Two Moldovan men were charged this week for their involvement with the Zeus trojan, which has been used to steal millions of dollars from U.S. bank accounts. Dorin Codreanu and Lilian Adam, both 21, are believed to have been "money mules," responsible for transferring stolen funds to accomplices overseas. The pair was arrested in Wisconsin and is set to be transferred to New York to face charges of conspiracy to commit bank fraud, according to reports. The men are among the 37 individuals charged late last month in U.S. District Court in Manhattan for their role in the scheme. — AM
 

New phishing scam preys on military, families

A new phishing campaign attempts to steal money from members of USAA, a banking and insurance firm for U.S. military members and their families, researchers at email security firm AppRiver warned Tuesday. Researchers have noticed heavy traffic related to the spam run, whose messages include a link that directs users to a fake USAA login page, Troy Gill, security analyst at AppRiver, wrote in a blog post. The company has discovered more than 1,500 unique domains being used in the attack. — AM
 

SC Awards finalists announced

The finalists for the 2011 SC Awards U.S. have been announced. The yearly awards gala, now in its 14th year, honors the professionals, companies and products that help fend off the myriad security threats confronted in today's corporate world. The winners will be announced at the SC Awards Dinner and Presentation on Feb. 15, 2011 in San Francisco, an event that coincides with the annual RSA Conference.