Blogs

The Websense Security Labs Blog delivers the most current information about breaking security research topics and today's advanced Internet threats.  Websense Security Labs investigates and publishes information about outbreaks, new threats and other relevant Web security topics to protect organizations from converging risks to their data from Web, email and user based attacks.

XCon2008-Beijing

11.27.2008 - 2:00 AM
Two Websense Security Labs researchers attended the XCon2008 conference that took place in Beijing this month. The conference is organized by XFocus, a non-profit organization offering free technology, founded in China in 1998. Many members of XFocus are very famous in China's security sector. The XFocus Conference was started in 2002, and has hundreds of attendees every year.

Follow Websense on Twitter

11.26.2008 - 4:10 PM
Just a quick note to let everyone know that we're now on Twitter! We will be posting up-to-the-minute, bite-sized updates on the latest and greatest discoveries found during our routine patrol around the 'net block, as well as any other breaking security news. Follow us on Twitter to keep a pulse on the wicked world of Web threats. (Our tweets are also available as an RSS feed.)

Potentially Unwanted Thanksgiving-themed Downloads

11.26.2008 - 9:00 AM
As we wish our American colleagues and friends 'Happy Thanksgiving', we could be tempted to get into the spirit and maybe brighten up our desktop with screensavers, wallpapers and the like. Our advice to users is to exercise caution - such activity may lead to adware, BHOs, and other undesirables.

OllyEye plug-in

11.25.2008 - 5:10 PM
Today, I would like to present a new plug-in that I wrote called OllyEye. I wrote the plug-in to speed up the process of hunting for vulnerabilities in applications. Sometimes we want to find out where in a module the code parsing is done. In the example below, we want to find the code that parses the QuickTime video codecs that are in Windows Media Player. We know that the codecs support the raw, rle, jpeg, mjpb, and rpza tags, so all we need to do is search for those tags in our module, in this case the "quartz.dll" module.

Phishing and Fraud Tricks in China

11.12.2008 - 9:00 AM
Recently Websense® Security Labs™ has observed an increase in phishing and fraudulent Web sites in China. These sites have penetrated into many business fields, including some well-known Instant Messenger, online shopping, and game sites.

Top To Bottom Breakdown: From Injected Code to Malcode Analysis

11.12.2008 - 2:30 AM
In the labs we keep a close eye on malicious code injected into legitimate Web sites, as ThreatSeeker dynamically monitors thousands of those every day. Last week we found a low perimeter attack using such injected code, which, as a whole, looked like a good case study. In this blog, we're going to take a look at an injection attack from top to bottom.

Patch Tuesday - November 2008

11.11.2008 - 4:00 PM
Microsoft recently published its monthly security bulletin summary for November 2008. The summary included two bulletins: one rated Critical, and the other rated Important. Here's a quick overview of what this means in terms of threats to the Webscape.

Hacker Tool Targeting MS08-067 Vulnerability

11.11.2008 - 9:00 AM
Websense® Security Labs™ has noticed a special hacker tool in China. In the past few weeks, Microsoft has announced and released a patch for the MS08-067 vulnerability, and a hacker tool named "wolfteeth bot catcher" has been widely used by hackers to attack machines running Windows operating systems without the KB958644 patch. Our write-up of the original vulnerability details can be found here. Below is an analysis of the "wolfteeth bot catcher" tool.

This Month in the Threat Webscape

11.07.2008 - 5:36 PM
This month, major Web 2.0 properties like Facebook, Bebo, Yahoo, and Google continue to be plagued with problems by malicious 'net scum, and the malicious underground economy continues to boom as stock markets tank. The Matrix's "architect" (or just, "father of the Internet") Vint Cerf explains why, architecturally, the Internet will not be entirely free from the malicious underground. In other much anticipated news, Google's "iPhone-killer" Android makes a splash this month, complete with a drive-by browser vulnerability.