Security Labs

The Websense Security Labs Blog delivers the most current information about breaking security research topics and today's advanced Internet threats. Websense Security Labs investigates and publishes information about outbreaks, new threats and other relevant Web security topics to protect organizations from converging risks to their data from Web, email and user-based attacks.

Video: News of Michael Jackson's Death Used In Malicious Spam

06.26.2009 - 12:30 PM
As a follow-up to our alert of a malicious campaign in the wild riding on news of Michael Jackson's death, here's a video walk-through of what would happen to victims—just in case you are curious (but know better than to click on malicious links). It is sad that the blackhat hacker community often leverages unfortunate events to further their agenda via such social-engineering campaigns. Our hearts go out to the Jackson family.

Nonstop Web Site Re-Infections

06.24.2009 - 2:45 PM
We recently published an alert about the Ethiopian Embassy site being compromised. We wanted to follow up with more detail, to show what the exploits are currently doing. This isn't the first time the site has been compromised. In March of 2009, we noticed an iframe injection pointing to hxxp://[REMOVED]vv.com/index.php. The domain was also serving virus-infected files in other locations, including hxxp://[REMOVED]vv.com/unic/1.exe, a Trojan [see VirusTotal report].

Nine-Ball Mass Injection - Details

06.22.2009 - 11:00 AM
Early last week, we posted an alert about a mass injection attack in the wild we named Nine-Ball. This attack compromised over 40,000 legitimate Web sites in an ongoing campaign. The scale of the attack was spotted June 2, 2009, and since then the campaign has evolved several times. In this blog we will provide further detail and analysis on the Nine-Ball campaign.

Video: MSN Canada Web Site's Malicious Javascript Code

06.11.2009 - 1:53 PM
As a follow-up to our alert yesterday on the malicious JavaScript code served up by the MSN Canada Web site, here is a video clip of what our security researchers saw from the trenches:

SSTIC 2009 Conference

06.11.2009 - 1:50 PM
I just returned from the SSTIC conference that took place in Rennes, France, last week. I have been going to this conference since 2003. It is the best security conference in France. In 2003, I presented on how to manually unpack Asprotect and rebuild stolen bytes, as well as redirected imports. In 2004, I presented my own Heuristic Detection research on PE file infectors. This year there were a lot of interesting topics, including, but not limited to Reverse Engineering, Fuzzing, Windows Mobile Malwares, Malware Analysis, Rootkits, DMA, and more.

This Month in the Threat Webscape

06.09.2009 - 12:35 PM
Month of May 2009

The story of the "Beladen" and "Gumblar" attacks, both mass injections of malicious code onto hundreds of thousands of everyday Web sites that many average people visit, made a splash in this month's Web security highlights. Twitter, with its massive number of users, continues to serve as a thriving, malicious petri dish for malicious hackers, with spammers harvesting email addresses from tweets, and random malicious links popping up in the sea of tweets. More than 80% of phishing sites are hosted on legitimate, everyday Web sites that many people visit, and more Adobe PDF/JavaScript headaches are emerging for IT security managers.

In other events this month, the Security Labs presented a talk at AusCert 2009 titled "P0wning The Programmable Web". Thanks for watching, and we hope to see all you good folks again next year!

Gumblar - An Update

06.05.2009 - 2:30 PM
A few weeks ago, I wrote a blog about the Gumblar attack. In that blog, I supplied statistics; in this blog, I would like to update that information.

Complex obfuscated PDF exploit

06.02.2009 - 7:00 PM
While tracking a PDF-based threat, Websense Security Labs™ has seen complex, obfuscated JavaScript being used in both malicious Web pages and related PDF files. The intent of the obfuscated code is to infect visitors' machines via a malicious PDF file.

Mass Compromise - Beladen

06.01.2009 - 5:00 PM
Last week we alerted on a mass injection that was taking place around the globe. Mass compromises are certainly nothing new. They regularly take place, because attackers commonly use server-side vulnerabilities in an automated way to infiltrate legitimate Web sites and inject them with malicious code. The challenge in these kinds of attacks, from a security firm's perspective, is to recognize malicious patterns in legitimate Web sites (they're usually obfuscated), and then research the exploit sites those attacks lead to.