© 2008 Websense, Inc. All Rights Reserved.
Websense
Security Labs
Websense Security Labs discovers, investigates, and reports on advanced Internet threats that traditional security research methods miss.
Recognized as a world leader in security research, Websense Security Labs publishes findings to hundreds of security partners, vendors, media outlets, military, and other organizations around the world 24 hours a day, seven days a week.
Most recent Alerts
See All »
| Date | Description | Type |
| 05.09.2008 | China.com game site hosting malicious code | Malicious Web Site / Malicious Code |
| 04.22.2008 | Mass Attack JavaScript injection - UN and UK Government websites compromised | Malicious Web Site / Malicious Code |
| 04.11.2008 | Le Bernardin site compromise | Malicious Web Site / Malicious Code |
 |
|
 |
RESOURCES
THREAT RESOURCE CENTER
Security Research Highlights Report.
New Research by Websense Security Labs reveals the majority of malicious web sites are now legitimate sites compromised by attackers.
More Resources
Threat Maps...and more!
The Phishing and Crimeware Threat Map displays the most recent data collected by Websense Security Labs
More MapsBLOG
Analysis of Recent Storm Worm Packer
05.08.08 Websense Security Labs has been tracing the storm worm since early 2007, when the first wave of storm worm erupted in the wild. Storm worm is one of the most notorious malware programs seen during the years 2007 and 2008. Websense Security Labs has published many research results on it, such as Storm Worm Chronology, which was written by my colleague Nick Verenini.
Most variants of storm worms are packed with the custom packer "Tibs". Tibs packer is a polymorphic packer, which also has the capability of anti-emulation. Recently we encountered a wave of stormcodec8.exe. When we carried on an analysis for this variant, we found some interesting features in it. Below are some highlights of our analysis.