Security Labs

The Websense Security Labs Blog delivers the most current information about breaking security research topics and today's advanced Internet threats. Websense Security Labs investigates and publishes information about outbreaks, new threats and other relevant Web security topics to protect organizations from converging risks to their data from Web, email and user-based attacks.

Google’s 'Blogger' under attack by streamlined Anti-CAPTCHA operations for spam

04.24.2008 - 11:11 AM
Websense Security Labs ThreatSeeker™ technology has discovered that spammers have recently targeted Google’s well-known blog publishing system “Blogger”, aka “Blogspot”, following the streamlined Microsoft Live Mail Anti-CAPTCHA, Google Gmail Anti-CAPTCHA and Microsoft Live Hotmail Anti-CAPTCHA operations. Spammers have managed to create automated bots that are capable not only of signing up and creating Blogger accounts (using spammer account credentials), but also of using these accounts as redirectors and doorway pages for advertising their products and services.

A Look at a Bank Worm

04.23.2008 - 4:45 PM
Malware authors will often have their files display something to the user so that the user believes the file is legitimate. Many of us have experienced such tricks, including fake errors stating that a specific file could not be found or that the application failed to load properly. Today we will look at one of these seemingly innocent files and find that it's doing much more than just showing you an "interesting" video.

RSA 2008: Got Honey?

04.23.2008 - 10:10 AM
Recently Dan Hubbard presented some of our next-generation honeyclient technologies and systems at RSA. The presentation has since been recorded with audio and is now available in QuickTime here (note: it's 170Mb): rsa_2008_honeyclient_preso.mov

During the presentation you will get some insight into how we use honeyclient technologies in order to discover web exploits and compromises in the wild. We have reviewed and demonstrated some of our active, passive, and hybrid approaches. We hope you will enjoy this presentation, and we will see you again next year.

Image Search Referrer-Based Malicious Websites

04.17.2008 - 4:29 PM
Websense Security Labs research has uncovered a case where a museum's compromised Web server is serving malicious code based on the referrer making the request. A referrer could be, for example, a search engine such as images.google.com. As interesting as the fact that they're doing this, however, is which referrers trigger the delivery of malicious content, when others do not. In this case, the malicious content is served only when the referrers for the request are certain high-profile image search sites.

Old Tricks, Old malware, Quick blog

04.16.2008 - 4:31 PM
While the techniques for infecting people surfing the Web keep multiplying, classic tricks are still effective. TypoSquatting is still very common, and is used to draw users to malicious Web sites. Recently, we have had reports of malicious sites using a "Google analytics" domain name, with minor twists (typos), to get traffic and eventually infect machines.

Microsoft Live Hotmail Under Attack by Streamlined Anti-CAPTCHA and Mass-mailing Operations

04.10.2008 - 10:54 AM
Websense Security Labs ThreatSeeker™ technology has discovered that spammers have recently turned their attention to the traditional and infamous Hotmail service, aka Live Hotmail, after the streamlined Live Mail Anti-CAPTCHA operations. Spammers have managed to create automated bots that are capable not only of signing up and creating random Hotmail accounts, but also of using these accounts for spamming purposes from a proper Live Hotmail service. The predictions Websense made about this sophisticated spammer strategy at the time of the Live Mail Anti-CAPTCHA and Gmail Anti-CAPTCHA operations, and about its outcomes, have proven accurate with this attack.

Analysis of a Win32.Delf Variant

04.03.2008 - 9:47 AM
We have been noticing quite a few malware samples having references to or communicating with Google's SMTP servers. This post dissects one of these samples and in the process attempts to illustrate to the reader some reversing techniques and information gathering techniques, while explaining the behavior and impact of this virus. At the end of this post you will discover the reasoning for this SMTP reference and see a rather revealing screenshot showing its purpose.

CanSecWest 2008

04.02.2008 - 4:30 PM
We just got back from Vancouver, where we presented at CanSecWest 2008. We presented a topic called "Wreck-utation," which discussed reputations on the Internet and how they may be vulnerable. The point of our presentation was to demonstrate how the recent influx of compromises and misuses of legitimate Web sites makes reputation security systems much less effective than advertised.