Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.

Latest Blog Posts


(January 2011) Posts

"Facebook Profile Photos" malware on the run!

Posted: 30 Jan 2011 08:41 AM | Ran Qiong | no comments

Websense Security Labs™ ThreatSeeker™ Network has detected another fake Facebook site campaign, just 4 days after Websense warned of the Mark Zuckerberg Facebook Page Showing Rogue Comments hack. A malicious executable file appears on fake Facebook sites titled "Facebook Profile Photos". Websense customers have been protected against this attack with ACE, our Advanced Classification Engine.




Posted: 25 Jan 2011 01:15 AM | Anonymous | no comments

Websense Security Labs™ ThreatSeeker™ Network has detected a new phishing kit circulating in the Oceania region. Following on from the UK tax assessment attack, more phishing attacks are surfacing and this campaign targets seven top Australian banks at once along with the Australian Tax Office. Websense customers have been protected against this attack with ACE.

The attack first imitates the Australian Tax Office (ATO) e-tax refund page, an online system where taxpayers can lodge their annual tax refund requests.



Tax does not have to be tasking, says Moira!

Posted: 24 Jan 2011 07:02 AM | Anonymous | no comments

As the UK self-assessment tax return deadline for online completion draws near, and the US tax season begins, we at Websense Security Labs again see an increase in related spam. The most recent attacks are mainly "form-based." Our ThreatSeeker Network finds these coming in several varieties...


CCTV in China is becoming victim of new tricks

Posted: 21 Jan 2011 09:55 AM | Ran Qiong | no comments

Malware in China has been seen using rogue software to hijack browsers, allowing advertisements, affiliation traffic, and Alexa manipulation. We have tracked low-profile search engines being pushed up in Alexa rank and hosting malicious injections. This time they posed as government-owned CCTV television software to spread widely in China.



New Koobface Campaign Spreading on Facebook

Posted: 14 Jan 2011 06:44 AM | uwang | 2 comment(s)

Websense Security Labs™ ThreatSeeker™ Network has detected a new Koobface campaign spreading on Facebook. The campaign is spreading via direct messages sent from compromised accounts. Websense customers have been protected against this attack with ACE. Sample message: Some observations on...


Waledac wakes up after 7 days of sleep

Posted: 13 Jan 2011 10:10 AM | Patrik Runald | no comments

Waledac appeared in a new version in the last days of 2010, sending out large amounts of New Year-related spam messages. It then stopped spamming on the evening of January 4th.

On Tuesday morning a new variant of Waledac was distributed to members of the botnet. Yesterday it started spamming again, but now it's back to sending pharmaceutical spam promoting "the magic blue pill" which we have seen previous versions of Waledac do in the past. As in previous spam campaigns, the spammers are using redirections via compromised legitimate sites.




Spam Wars: Return Of The Spam

Posted: 10 Jan 2011 12:08 PM | Carl Leonard | no comments


With the end of the Christmas and New Year periods, Websense has seen the first notable spike in the number of spam messages processed by our Hosted Email Security services. Could this spike indicate an upturn toward pre-November 2010 spam levels, or alternatively could it be just a blip in the spam universe?


Recently we spoke with several news agencies discussing the decline in spam volumes during the Christmas period and December 2010. You can familiarise yourself with that story by looking at the article here on the BBC.


Today we noticed a spike in activity starting just after midnight on Monday morning UK time.



WageWorks site compromised

Posted: 05 Jan 2011 07:20 AM | Patrik Runald | 2 comment(s)

A website owned by WageWorks has been compromised to redirect users to a known malicious Web site. The site that is compromised is hxxp://learnwageworks.com and we advise users to not visit this site until the issue has been fixed. Websense customers are protected proactively against the compromise by...
