Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.

Latest Blog Posts


(June 2010) Posts

Analysis of a backdoor's communication process

Posted: 30 Jun 2010 06:57 AM | Hermes Li | no comments


Websense Security Labs™ ThreatSeeker™ Network has detected a backdoor written by a Chinese hacker spreading in the wild. In this blog we shall explore what actions are possible with such a backdoor. The controller client of the backdoor can explore and modify all files on a compromised server...


SyScan'10 Singapore Conference

Posted: 24 Jun 2010 07:05 | Hermes Li | no comments


Last week, Ulysses and Hermes attended the SyScan'10 Singapore conference, where 17 speakers presented 14 different topics, including software and hardware security. The many interesting topics at this conference included integrity checking of Microsoft Office documents, Chrome sandboxing, Office...


EUSecWest 2010 Wrap-up

Posted: 24 Jun 2010 11:41 AM | Matt Oh | no comments


I was at EUSecWest 2010 last week, to give a talk about binary diffing technology and my tool DarunGrim. The conference went from June 16th to June 17th. We had a fun time sharing our ideas and findings. Here are brief descriptions of the talks that I attended. Rainbow Tables Reimplemented Sebastian...


iPhone Launch Triggers Nefarious Activity

Posted: 24 Jun 2010 02:53 AM | Carl Leonard | no comments


With the official launch of Apple's iPhone 4 today, people are queuing outside stores to get hold of the latest smart phone. Spammers do not miss an opportunity to jump on the hype around new product launches - especially in the case of the iPhone 4 when all 600,000 pre-orders have been allocated prior...


dreamtemplate.com compromised

Posted: 17 Jun 2010 05:22 | Elad Sharf | no comments


Websense Security Labs™ ThreatSeeker™ Network has discovered that the popular site dreamtemplate.com has been compromised. Websense customers are protected from this threat. The site has been injected with an iframe that leads to a one-day-old site. The file dropped by the exploit has only...


This Month in the Threat Webscape - May 2010

Posted: 16 Jun 2010 02:00 AM | Jay Liew | no comments


Major Hits: A few Web sites belonging to the U.S. Department of the Treasury were compromised and injected with a malicious iframe which loaded exploit code to visitors (video included). Yet another large-scale attack targeting WordPress installs occurred, leading visitors to rogue AV sites, pharmaceutical...


Adobe 0-day used in mass injections

Posted: 11 Jun 2010 09:38 AM | Patrik Runald | no comments


Unfortunately it was only a matter of time. Until today the latest Adobe 0-day vulnerability (CVE-2010-1297) had only been used in targeted attacks. That changed a few hours ago when we started seeing mass injections adding the following URL to thousands of pages around the world: hxxp://26[REMOVED]...


World Cup Bad News - Malicious Spam

Posted: 11 Jun 2010 01:00 AM | Anonymous | no comments


Websense® Security Labs™ ThreatSeeker™ Network has detected a new wave of interesting malicious emails. At the dawn of the eagerly anticipated World Cup tournament, we would expect to be inundated with suitably themed spam. The sample we have encountered today is a little different from...
