Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.


(August 2010) Posts

Phoenix Exploit Kit's Random Access Obfuscation

Posted: 31 Aug 2010 09:53 PM | Chris Astacio | no comments


In this post I'll cover an interesting piece of obfuscation that we recently came across while handling a blended threat. This threat began as several malicious emails containing a link that redirected to the site below. The obfuscation was found in part of an attack site using the Phoenix Exploit...


Apple QuickTime "_MARSHALED_PUNK" 0-day

Posted: 31 Aug 2010 04:10 PM | Elad Sharf | no comments


Yesterday we received reports about a flaw in Apple's QuickTime player. According to the reports, this flaw can potentially allow an attacker to exploit the user's machine through the browser by making it run arbitrary code without user interaction - a classic drive-by vulnerability. Following...


This Month in the Threat Webscape - July 2010

Posted: 12 Aug 2010 11:49 AM | Jay Liew | 2 comment(s)


Month of July: This month the world saw the Microsoft Windows LNK shortcut flaw bring a smile to black hat hackers running Stuxnet, Chymine, Vobfus, Sality and Zeus, as they quickly updated their malware to leverage the vulnerability. In addition, we'll talk about banking Trojans piggy-backing on...


419 scams go phishing

Posted: 09 Aug 2010 11:34 PM | sabu-nimeh | no comments


419 scams have become lame and not a lot of people are falling for them these days. So the scammers have to change their tactics if they want to stay in business. The scam we describe in this blog is quite interesting because it combines a typical 419 scam with a phishing attack. After the initial...


Technical Analysis on iPhone Jailbreaking

Posted: 06 Aug 2010 02:32 PM | Matt Oh | no comments


So, we have this situation here. iPhone has a remote jailbreaking capability without any USB connection or anything. If you launch Safari and connect to the jailbreakme site, you can have your phone jailbroken with just a few steps. Obviously, this can be abused by bad guys to attack any iPhone in the...


You have Rogue Mail!

Posted: 06 Aug 2010 05:17 PM | Mary Grace Timcang | no comments


Websense Security Labs™ ThreatSeeker™ Network has detected thousands of malicious emails purporting to be from big-brand companies like Target, Macy’s, Best Buy, and Evite. We blogged about the different attack strategies that malicious authors have been using in their recent tax-themed...


2010 Tax-Themed Malicious Emails

Posted: 04 Aug 2010 12:46 PM | Mary Grace Timcang | no comments


Websense Security Labs™ ThreatSeeker™ Network has detected a wave of tax-themed malicious email. While the tax theme in spam email is common all year round, it is interesting to see the different strategies malicious authors use in their campaigns. We have seen reports last June about email...
