Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.


(March 2010) Posts

Malicious Code Evolution from IE Zero-Day Exploit Code

Posted: 19 Mar 2010 03:44 AM | WebsenseSecurityLabs | no comments


Internet Explorer zero-day exploits are not new to the world: we have been suffering from them since the beginning of IE. This latest IE zero-day exploit, known as CVE-2010-0806, as usual is no surprise, but we can't help noticing that something behind it has changed. Just a week after the exploit...


How To Speak Malicious

Posted: 16 Mar 2010 02:52 PM | WebsenseSecurityLabs | no comments


In this blog post, I want to cover a specific type of code obfuscation and then demonstrate how to manually, step-by-step deobfuscate the code. There are many automated tools and methods for performing deobfuscation, but I feel it's important to get down to the attacker's level to gain a more...


This Month in the Threat Webscape - February 2010

Posted: 13 Mar 2010 03:20 PM | WebsenseSecurityLabs | no comments


Major Hits: Microsoft's Ninemsn, one of the most visited portals in Australia (Alexa rank 573), was compromised and injected with malicious code. The malicious code was identified to be part of the Gumblar mass injections. Another regional high-profile compromise victim was Bollywood Hungama's...


Searching for Corey Haim Leads to Rogue AV

Posted: 11 Mar 2010 03:19 PM | WebsenseSecurityLabs | no comments


Websense Security Labs™ ThreatSeeker™ Network has discovered that search terms related to Corey Haim have become the latest target for Blackhat SEO poisoning attacks. Corey Haim, 1980s teen idol actor and a star of such famous movies as "The Lost Boys" and "License to Drive"...


WordPress Injection Attack

Posted: 09 Mar 2010 04:51 AM | WebsenseSecurityLabs | no comments


Nowadays it is not surprising when people's blogs are attacked, especially when the blog owner is a well-known person. No matter how frustrated or disappointed the bloggers are, attacks still continue. If you search "my blog was hacked" on Google, you get 4,230,000 results; searching "my...


RSA 2010 Recap

Posted: 09 Mar 2010 04:39 AM | WebsenseSecurityLabs | no comments


Dan Hubbard, myself, our awesome event managers, and the rest of the Websense crew have arrived home after attending and presenting at RSA 2010 in San Francisco. It was another successful year as the conference was very well attended and the presentations were quite informative. Figure 1: Stephan Chenette's...


BBS of Sougou Compromised

Posted: 02 Mar 2010 01:58 PM | WebsenseSecurityLabs | no comments


Websense® Security Labs™ ThreatSeeker™ Network has discovered that the BBS of Sougou has been compromised. The Sougou BBS home page and other pages on the site have been injected with a malicious script. The script creates an IFrame that redirects users to an exploit site: a 5-day old...
