Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.

Latest Blog Posts

View all posts > 

(May 2010) Posts

Zeus is forwarding Adobe updates again

Posted: 18 May 2010 10:02 AM | Chris Astacio | no comments


Websense® Security Labs™ ThreatSeeker™ Network has detected a new batch of malicious emails containing Zeus payloads. This campaign is very similar to another which Adobe reported on a couple weeks ago. The social engineering tricks on this campaign have gotten considerably better. The...

Read more > 

Filed under:

"Sexiest Video Ever" on Facebook

Posted: 15 May 2010 04:15 AM | Patrik Runald | no comments


A new malware is making its way across Facebook in messages that claims to be "the sexiest video ever" . A screen shot of the message can be seen below. When clicking on the "video" you are taken to an application installation screen asking you to allow it to access your profile,...

Read more > 

Filed under: , , ,

This Month in the Threat Webscape - April 2010

Posted: 13 May 2010 07:05 AM | Jay Liew | no comments


Major hits Palm's mobile platform named WebOS failed many basic security measures. White hat hackers found that WebOS could be exploited by specially crafted text messages (SMS). The Apache Foundation's web servers were compromised in an attack that used a combination of cross-site scripting...

Read more > 

Filed under:

Don't use that new Facebook Toolbar, I mean backdoor!

Posted: 11 May 2010 08:20 AM | Chris Astacio | no comments


Today our email honeypots found a new message that purported to be from Facebook, advertising a new toolbar. The From line was spoofed to look like the message had actually been sent from the Facebook team. There is no specific recipient name in the message, so it's very generic in how it's addressed...

Read more > 

BlackHat SEO Abuse Of UK General Election

Posted: 07 May 2010 03:24 PM | Carl Leonard | no comments


Websense Security Labs™ ThreatSeeker™ Network has discovered that search terms relating to the UK General Election are delivering rogue antivirus to end users through the use of BlackHat SEO. The British General Election polls closed yesterday, and news of the results is gradually making...

Read more > 

Filed under: ,

phpnuke.org has been compromised

Posted: 07 May 2010 07:25 AM | Tamas Rudnai |


Websense® Security Labs™ ThreatSeeker™ Network has discovered that the popular Web site, phpnuke.org, has been compromised. PHP-Nuke is a popular Web content management system (CMS), based on PHP and a database such as MySQL, PostgreSQL, Sybase, or Adabas. Earlier versions were open source...

Read more > 

Filed under: , , ,

Treasury websites compromised

Posted: 03 May 2010 04:50 PM | Patrik Runald | no comments


A few of the US Treasury websites were compromised today and loaded a hidden iframe containing exploit code to anyone who visited the following three sites: bep.gov bep.treas.gov moneyfactory.gov The code that was loaded can be seen in the screen shot below. This iframe loads a page from gr[REMOVED]ad...

Read more > 

Filed under: ,