Security Labs



The Websense Security Labs Blog delivers the most current information about breaking security research topics and today's advanced Internet threats.  Websense Security Labs investigates and publishes information about outbreaks, new threats and other relevant Web security topics to protect organizations from converging risks to their data from Web, email and user based attacks.

Go to the new Security Labs Blog

SOHU Digital Channel Web Site Compromised with Xunlei Thunder DapPlayer Exploit

01.28.2010 - 7:00 PM
Today Websense® Security Labs™ ThreatSeeker™ Network discovered that the SOHU Digital Channel Web site was compromised with a Xunlei Thunder DapPlayer Exploit that can lead to downloading and executing an Autorun worm that steals users' online game account information.
Read more »

Don't update via email!

01.25.2010 - 11:53 AM
Not to be confused with our alert last Thursday, spammers seem ready to pounce on the press attention towards the recent out-of-band release of MS10-002 to scare users into downloading fake updates via email. We have been seeing messages pushing a Microsoft update via a link. The messages spoof the From: address which shows as Microsoft Office, and in an effort to further legitimize these messages and broaden their attack targets, the messages also contain Italian and French translations.
Read more »

Update on the Microsoft Internet Explorer 0-day

01.19.2010 - 4:43 PM
We are monitoring the situation on the new Internet Explorer 0-day vulnerability that we blogged about yesterday. Our ThreatSeeker(TM) network has identified two more malicious URLs that are used in live attacks, this time hxxp://201002.[REMOVED]:2988/log/ie.html and hxxp://m.[REMOVED].net:81/m/index.html. According to reports from our friends at Ahnlab, the second URL was spread through the Instant Messenger network Misslee Messenger, a popular IM client in South Korea.

We have created a timeline of the events surrounding the attacks Google, Adobe etc and the vulnerability (click for a bigger version)
Read more »

New Internet Explorer 0-day Vulnerability and Targeted Attacks

01.18.2010 - 3:19 PM
News of targeted attacks on Google, Adobe, and other large companies were made public last week. The initial assumption was that the attacks were done with malicious PDF files but on Thursday Microsoft released information that the attacks were done with a new security vulnerability in Internet Explorer. This is interesting as the majority of targeted attacks are using email attachments sent to one or a few recipients at a target organization. These attachments are typically PDF, Microsoft Word, Excel or PowerPoint files.
Read more »

Avatar Success Attracts SEO Poisoning Attacks

01.13.2010 - 11:00 PM
The movie Avatar is making a big splash in the global film market, drawing large audiences with its unique viewing experience. It has also attracted some unwanted attention. As people search for information about Avatar on the Internet, cyber criminals are using the opportunity to spread malware. The following figure demonstrates a successful attempt to position malicious content as high as fourth in search results using a common search phrase for the movie.


Read more »