Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.

Latest Blog Posts

View all posts > 

(August 2010) Posts

Phoenix Exploit Kit's Random Access Obfuscation

Posted: 31 Aug 2010 09:53 PM | Chris Astacio | no comments


In this post I'll cover an interesting piece of obfuscation that we recently came across while handling a blended threat. This threat began as several malicious emails containing a link that redirected to the site below. The obfuscation was found in part of an attack site using the Phoenix Exploit...

Read more > 

Apple QuickTime "_MARSHALED_PUNK" 0-day

Posted: 31 Aug 2010 04:10 PM | Elad Sharf | no comments


Yesterday we received reports about a flaw in Apple's QuickTime player. According to the reports, this flaw can potentially allow an attacker to exploit the user's machine through the browser by making it run arbitrary code without user interaction - a classic drive-by vulnerability. Following...

Read more > 

Web Spam leading to Friendster on the rise

Posted: 27 Aug 2010 04:39 PM | Elad Sharf | no comments


This week has been pretty rough on Friendster , one of the more popular social networking sites. The Websense® Threatseeker® Network detected a spike, or a rather large increase, in the number of abused or fake Friendster accounts that are being Web spammed. The chart below shows the number of...

Read more > 

This Month in the Threat Webscape - July 2010

Posted: 12 Aug 2010 11:49 AM | Jay Liew | 2 comment(s)


Month of July This month the world saw the Microsoft Windows LNK shortcut flaw bring a smile to black hat hackers running Stuxnet, Chymine, Vobfus, Sality and Zeus, as they quickly updated their malware to leverage the vulnerability. In addition, we'll talk about banking Trojans piggy-backing on...

Read more > 

419 scams go phishing

Posted: 09 Aug 2010 11:34 PM | sabu-nimeh | no comments


419 scams have become lame and not a lot of people are falling for them these days. So the scammers have to change their tactics if they want to stay in business.The scam we describe in this blog is quite interesting because it is combines a typical 419 scam with a phishing attack. After the initial...

Read more > 

Technical Analysis on iPhone Jailbreaking

Posted: 06 Aug 2010 02:32 PM | Anonymous | no comments


So, we have this situation here. iPhone has a remote jailbreaking capability without any USB connection or anything. If you launch Safari and connect to the jailbreakme site, you can have your phone jailbroken with just a few steps. Obviously, this can be abused by bad guys to attack any iPhone in the...

Read more > 

You have Rogue Mail!

Posted: 06 Aug 2010 05:17 PM | Anonymous | no comments


Websense Security Labs™ ThreatSeeker™ Network has detected thousands of malicious emails purporting to be from big-brand companies like Target, Macy’s, Best Buy, and Evite. We blogged about the different attack strategies that malicious authors have been using in their recent tax-themed...

Read more > 

Media Temple injections lead to Phoenix Exploit Kit

Posted: 05 Aug 2010 10:39 AM | Tim Xia | no comments


Websense® Security Labs™ ThreatSeeker™ Network has discovered that over 100 Web sites on the Media Temple Web host servers have been compromised, and will lead visitors to the Phoenix Exploit Kit. It's not the first time they have had a WordPress injection , but a quick investigation...

Read more > 

2010 Tax-Themed Malicious Emails

Posted: 04 Aug 2010 12:46 PM | Anonymous | no comments


Websense Security Labs™ ThreatSeeker™ Network has detected a wave of tax-themed malicious email. While the tax theme in spam email is common all year round, it is interesting to see the different strategies malicious authors use in their campaigns. We have seen reports last June about email...

Read more >