Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.

Latest Blog Posts


(March 2010) Posts

Malicious Code Evolution from IE Zero-Day Exploit Code

Posted: 19 Mar 2010 03:44 AM | WebsenseSecurityLabs | no comments


Internet Explorer zero-day exploits are not new to the world: we have been suffering from them since the beginning of IE. This latest IE zero-day exploit, known as CVE-2010-0806, as usual is no surprise, but we can't help noticing that something behind it has changed. Just a week after the exploit...


How To Speak Malicious

Posted: 16 Mar 2010 02:52 PM | WebsenseSecurityLabs | no comments


In this blog post, I want to cover a specific type of code obfuscation and then demonstrate how to manually, step-by-step deobfuscate the code. There are many automated tools and methods for performing deobfuscation, but I feel it's important to get down to the attacker's level to gain a more...


This Month in the Threat Webscape - February 2010

Posted: 13 Mar 2010 03:20 PM | WebsenseSecurityLabs | no comments


Major Hits: Microsoft's Ninemsn, one of the most visited portals in Australia (Alexa rank 573), was compromised and injected with malicious code. The malicious code was identified to be part of the Gumblar mass injections. Another regional high profile compromise victim was Bollywood Hungama's...


Searching for Corey Haim Leads to Rogue AV

Posted: 11 Mar 2010 03:19 PM | WebsenseSecurityLabs | no comments


Websense Security Labs™ ThreatSeeker™ Network has discovered that search terms related to Corey Haim have become the latest target for Blackhat SEO poisoning attacks. Corey Haim, 1980s teen idol actor and a star of such famous movies as "The Lost Boys" and "License to Drive"...


Quarter Million Malicious Facebook Posts

Posted: 11 Mar 2010 03:17 PM | WebsenseSecurityLabs | no comments


A word of caution to Facebook users: be careful when clicking links on Facebook, even if they're on your friend's page or your favorite superstar's page. We have detected a malicious campaign that is quickly spreading on Facebook. The malware has very low anti-virus coverage and can be found...


WordPress Injection Attack

Posted: 09 Mar 2010 04:51 AM | WebsenseSecurityLabs | no comments


Nowadays it is not surprising when people's blogs are attacked, especially when the blog owner is a well-known person. No matter how frustrated or disappointed the bloggers are, attacks still continue. If you search "my blog was hacked" on Google, you get 4,230,000 results; searching "my...


RSA 2010 Recap

Posted: 09 Mar 2010 04:39 AM | WebsenseSecurityLabs | no comments


Dan Hubbard, myself, our awesome event managers, and the rest of the Websense crew have arrived home after attending and presenting at RSA 2010 in San Francisco. It was another successful year as the conference was very well attended and the presentations were quite informative. Figure 1: Stephan Chenette's...


BBS of Sougou Compromised

Posted: 02 Mar 2010 01:58 PM | WebsenseSecurityLabs | no comments


Websense® Security Labs™ ThreatSeeker™ Network has discovered that the BBS of Sougou has been compromised. The Sougou BBS home page and other pages on the site have been injected with a malicious script. The script creates an IFrame that redirects users to an exploit site: a 5-day old...
