Slide.com Hosting Malware

03.31.2008 -
Websense Security Labs has been tracking the use of Slide.com as a hosting site for malware for several months. The popular Web 2.0 social networking Web site, ranked 252 by Alexa (Alexa Ranking), is both the largest Facebook application developer and a free and easy place to host malware.
Read more »

MySpace Profile Trickery

03.28.2008 - 11:57 AM
Websense Security Labs has started seeing more spam bots on MySpace using increasingly clever techniques. Websense Labs reported a MySpace profile hack (New MySpace Link Hack in Use) previously. A new twist has appeared in these socially-engineered profile tricks that could be used for malicious purposes. The profiles are created in such a way that they hide all of the real MySpace profile areas. The profile displays an image served from another location as an input type=image. This old trick has been used in the Web security space to perform cross-domain attacks. In Firefox, when you mouse over the image, the URL that will be visited if the image is clicked is not displayed in the status bar at the bottom, as most links are.
Read more »

APCERT 2008 in Hong Kong

03.17.2008 - 3:18 PM
I just returned from the APCERT Conference held March 12-13 in Hong Kong, (APCERT 2008). Approximately 150 researchers and customer representatives attended the conference, which was a great opportunity to meet researchers from around the world. At the conference, the topic of my presentation was "Detection of Web Security Threats - Websense V-Next Honeyclient". From the questions I received, I believe that quite a few researchers were interested in this topic, and were also pretty impressed by our thorough insight into Honeyclients, even though several other speakers also presented information regarding their Honeyclients.
Read more »

Game Phishing Revisited

03.14.2008 - 12:35 PM
In October of 2006 we blogged (Stealing Fun for Profit) about the trend we were seeing with malicious code writers targeting users of online games, and the ways that they could make profits from attacking these customers. During the course of 2007 we tracked this trend in an ongoing fashion and saw it becoming more and more common. We aren't the only ones who have noticed this, so it's time to revisit the topic.
Read more »

Mass Attack JavaScript Injection

03.14.2008 - 10:37 AM
Websense Security Labs has been tracking the recent malicious JavaScript iframe that has been injected into the source code of tens of thousands of websites world-wide. This is not new to us, as we have been protecting customers against the payload hosted by these malicious hosts located in China since February. When a user's browser opens the compromised site...
Read more »

Unscrambling Custom obfuscation and Executable "infection"

03.12.2008 - 5:56 PM
One of the most important goals for any malware is to find a way to stay alive when the operating system restarts. Most malware will simply change the registry or change some ini files to stay alive. But these types of changes are easily detected by the average computer user. Every now and then, we see malware using different techniques to restart and remain undetected by users. Instead of changing the registry, these programs read it, locate applications starting at boot time, and then infect those applications by appending code to them. The appended code usually doesn't do anything malicious; it simply restarts the real malware component. The sample described below not only uses those techniques, but also uses some tricks to prevent emulation and slow down analysis.
Read more »

Internet Explorer 8 - Security Features and Concerns

03.07.2008 - 5:20 PM
Microsoft recently released Windows Internet Explorer 8 Beta 1 to the public. While the developer tools and other features are receiving a lot of interest, this release also includes new security features and concerns that require some attention.
Read more »