Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.

Latest Blog Posts

View all posts > 

(September 2010) Posts

Websense Insight: The Route to Malware

Posted: 28 Sep 2010 01:35 PM | Patrik Runald | no comments


How many clicks does it take to get to the malicious code of an infected website? Surprisingly, the answer is usually, just two . In this Websense Insight we look at how most Internet users are only two clicks away from malicious content in one of three ways: from top sites, poisoned search results,...

Read more > 

Phoenix the supervisor

Posted: 22 Sep 2010 04:34 PM | Anonymous | no comments


In general, spammers will try everything and stop at nothing to deliver content to users. When people don't trust one kind of email, spammers change their tactics and use something else. This process never stops, and is very interesting to follow. It's interesting, at least, if we know we're...

Read more > 

Twitter OnMouseOver Flaw In The Wild

Posted: 21 Sep 2010 02:28 PM | Carl Leonard | no comments


As of this morning we have been monitoring a flaw on twitter.com that delivers pop-ups to Twitter users when they move their mouse cursor over a specially crafted tweet. There is also the potential to deliver status updates when mousing over a tweet and altering the display of the Twitter status on user's...

Read more > 

Can rogue AV ever be legitimate?

Posted: 21 Sep 2010 09:04 AM | Anonymous | no comments


Over the past year, the prevalence of search results laced with rogue AV seemed to never end. Whether the search was about celebrity, politics, calamity, or anything that was hot and trending, blackhat SEO was sure to follow. Now, search engines are being more proactive in producing safer search results...

Read more > 

Fake Facebook password reset leads to rogue AV

Posted: 17 Sep 2010 10:54 AM | Anonymous | no comments


There is no stopping the abuse of social networking sites and an endless reign of social engineering tactics in email campaigns, be it spam or malicious. Facebook seems to be a favourite for most attackers as it has a huge user base, and attackers are almost guaranteed to get their message propagated...

Read more > 

Singing a malicious song

Posted: 16 Sep 2010 04:23 PM | Anonymous | 4 comment(s)


Every now and then we look for song lyrics on the Internet. Using the newest Google Instant technology we immediately find what we need. At least, we think so. Websense Security Labs™ ThreatSeeker™ Network has detected that the popular site S onglyrics.com ( with approximately 200,000 daily...

Read more > 

Cash and "Labels and such" lead to ZEUS

Posted: 15 Sep 2010 03:34 PM | Anonymous | no comments


Websense® Security Labs™ ThreatSeeker™ Network has detected another wave of Zeus malicious email messages. This campaign is related to the familiar "pharma" spam messages that we see everyday, with one exception. This campaign combines an HTML or ZIP attachment with a social...

Read more > 

This Month in the Threat Webscape - August 2010

Posted: 15 Sep 2010 08:49 AM | Jay Liew | no comments


Month of August 2010 Major hits Mass compromises & infections Network Solutions, one of the oldest domain registrars in the world, was found to be serving up a malicious widget on its customers' Web sites. All sites that opted to display a " Small Business Success Index " widget were...

Read more >