Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.


(May 2010) Posts

Game Channel of MOP BBS compromised

Posted: 30 May 2010 11:19 PM | Xue Yang | no comments

Websense Security Labs™ ThreatSeeker™ Network has discovered that the game channel of MOP BBS has been compromised. Mop.com is one of the largest and most influential forums in China. It was the birthplace of Chinese network culture and has grown into a website with integrated forum, news...


Most Hilarious Video attack on Facebook

Posted: 28 May 2010 01:11 PM | Patrik Runald | no comments

Attacks on Facebook during weekends are unfortunately becoming a trend. For the third weekend in a row users on Facebook are bombarded with messages on their walls talking about Distracting Beach Babes, Sexiest Video Ever or this latest attack which supposedly is the "Most Hilarious Video ever"...


A bad applet in the barrel...

Posted: 26 May 2010 12:06 PM | Chris Astacio | no comments

Injecting malicious HTML code into legitimate Web sites has become commonplace in the past few years. More often than not, the attackers inject a script or iframe tag in a legitimate site which is meant to redirect visitors to attack sites without their knowledge. Last week, however, we discovered an...


Dissecting the Distracting Beach Babes Facebook app

Posted: 26 May 2010 01:01 AM | Elad Sharf | no comments

We managed to get our hands on the malicious Facebook application that we blogged about twice in the past few weeks. In the video below we're going to dive into it and see what's going on with this app: For those of you that can't spare the time to watch the video, this is a brief summary...


Chinaz.com compromised

Posted: 25 May 2010 05:08 AM | WebsenseSecurityLabs | no comments

Websense Security Labs™ ThreatSeeker™ Network has discovered that the speed testing site of chinaz.com has been compromised. Chinaz.com is a very famous webmaster site that provides technical and resource downloading services in China. The daily traffic to this site is over 50,000 hits,...


Warning for "Distracting Beach Babes" on Facebook

Posted: 22 May 2010 05:04 PM | Patrik Runald | no comments

For the second Saturday in a row Facebook users have had to deal with Facebook malware in the form of what looks like sexy videos but are in fact malicious apps. This time the scam is spread in messages like this: Just like in the previous malware attack, what happens if you click on the link is that...


Deciphering in psychological terms

Posted: 21 May 2010 02:18 AM | Hermes Li | no comments

Cryptography is an interesting topic for security research. Recently a researcher put out a "decode me" challenge, and this blog describes what we did that may help others with more experience in cryptography solve the challenge once and for all. The first step was to decode a garbled message...


A Simple N-gram Calculator: pyngram

Posted: 20 May 2010 07:53 AM | Jay Liew | no comments

Updated v1.0.1 5/21/2010 - Improved the exception handling, and changed xrange(len(inputstring)) to xrange(len(inputstring)-nlen+1). Thanks to colleague Arik Baratz! Recently, as I was trying to solve a cryptogram, I wrote a tool to parse the bigrams and trigrams from the ciphertext, tally the frequency...


3 times lucky?

Posted: 20 May 2010 09:55 AM | Anonymous | no comments

Websense® Security Labs™ ThreatSeeker™ Network has detected a new batch of malicious emails containing Zeus payloads. This campaign takes advantage of free site hosts to deliver malicious files using many social engineering techniques. From Porn attraction, e-greeting cards, to your system...


My Wordpress blog got injected - again!

Posted: 19 May 2010 06:00 AM | Elad Sharf | no comments

At the beginning of the week and last week the WPSecurityLock Web site published alerts on prominent Wordpress injections. These injections redirect the visitor to a scareware site which falsely claims to have found an infection, i.e. a Rogue AV Web site. Here is a video that shows what exactly is going on from the user's perspective when accessing a compromised Web site with this attack: 


