Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.


(June 2010) Posts

Analysis of a backdoor's communication process

Posted: 30 Jun 2010 06:57 AM | Hermes Li | no comments

Websense Security Labs™ ThreatSeeker™ Network has detected a backdoor written by a Chinese hacker spreading in the wild. In this blog we shall explore what actions are possible with such a backdoor. The controller client of the backdoor can explore and modify all files on a compromised server...


SyScan'10 Singapore Conference

Posted: 24 Jun 2010 07:05 PM | Hermes Li | no comments

Last week, Ulysses and Hermes attended the SyScan'10 Singapore conference, where 17 speakers presented 14 different topics, including software and hardware security. The many interesting topics at this conference included integrity checking of Microsoft Office documents, Chrome sandboxing, Office...


EUSecWest 2010 Wrap-up

Posted: 24 Jun 2010 11:41 AM | Anonymous | no comments

I was at EUSecWest 2010 last week, to give a talk about binary diffing technology and my tool DarunGrim. The conference went from June 16th to June 17th. We had a fun time sharing our ideas and findings. Here are brief descriptions of the talks that I attended. Rainbow Tables Reimplemented Sebastian...


iPhone Launch Triggers Nefarious Activity

Posted: 24 Jun 2010 02:53 AM | Carl Leonard | no comments

With the official launch of Apple's iPhone 4 today, people are queuing outside stores to get hold of the latest smart phone. Spammers do not miss an opportunity to jump on the hype around new product launches - especially in the case of the iPhone 4 when all 600,000 pre-orders have been allocated prior...


Malicious Notification Spam: Account Verification

Posted: 22 Jun 2010 03:38 AM | Shiyu Bai | no comments

Websense Security Labs™ ThreatSeeker™ Network has detected a malicious spam outbreak with the Subject line "Account Verification". As of June 22, we have counted more than 100,000 of these messages. The attack message is disguised as coming from Digg.com. It asks the recipient to...


dreamtemplate.com compromised

Posted: 17 Jun 2010 05:22 PM | Elad Sharf | no comments

Websense Security Labs™ ThreatSeeker™ Network has discovered that the popular site dreamtemplate.com has been compromised. Websense customers are protected from this threat. The site has been injected with an iframe that leads to a one-day-old site. The file dropped by the exploit has only...


This Month in the Threat Webscape - May 2010

Posted: 16 Jun 2010 02:00 AM | Jay Liew | no comments

Major Hits: A few Web sites belonging to the U.S. Department of the Treasury were compromised and injected with a malicious iframe which loaded exploit code to visitors (video included). Yet another large scale attack targeting Wordpress installs occurred, leading visitors to rogue AV sites, pharmaceutical...


Drawing similarities between email and web attacks

Posted: 14 Jun 2010 03:52 PM | Chris Astacio | no comments

Websense® Security Labs™ ThreatSeeker™ Network has detected an interesting correlation between recent rounds of malicious emails and the JavaScript files being used in mass injections. First, let's think about recent malicious email campaigns. If you review our recent blog posts about...


Adobe 0-day used in mass injections

Posted: 11 Jun 2010 09:38 AM | Patrik Runald | no comments

Unfortunately it was only a matter of time. Until today the latest Adobe 0-day vulnerability (CVE-2010-1297) had only been used in targeted attacks. That changed a few hours ago when we started seeing mass injections adding the following URL to thousands of pages around the world: hxxp://26[REMOVED]...


World Cup Bad News - Malicious Spam

Posted: 11 Jun 2010 01:00 AM | Anonymous | no comments

Websense® Security Labs™ ThreatSeeker™ Network has detected a new wave of interesting malicious emails. At the dawn of the eagerly anticipated World Cup tournament, we would expect to be inundated with suitably themed spam. The sample we have encountered today is a little different from...
