Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.


(March 2011) Posts

Update on LizaMoon mass-injection and Q&A

Posted: 31 Mar 2011 01:03 PM | Patrik Runald | 50 comment(s)

The LizaMoon mass-injection campaign is still ongoing and more than 500,000 pages have a script link to lizamoon.com according to preliminary Google Search results. We have also been able to identify several other URLs that are injected in the exact same way, so the attack is even bigger than we originally...


LizaMoon mass injection hits over 226,000 URLs (was 28,000)

Posted: 29 Mar 2011 10:15 AM | Patrik Runald | 31 comment(s)

Websense Security Labs and the Websense Threatseeker Network have identified a new malicious mass-injection campaign that we call LizaMoon. Websense customers are protected with the Advanced Classification Engine. Updated information: We have updated information about the LizaMoon injection available...


Italian model exposed in Facebook clickjacking attack

Posted: 28 Mar 2011 11:51 PM | Anonymous | no comments

The mere mention of anything with a sex connotation on Facebook almost always begets some major activity, with people wanting to know more. As a result, whatever the attack vector or channel might be is propagated, and the attacker is sure to get some response. In this example a Facebook click-jacking...


Spotify application serves malicious ads

Posted: 25 Mar 2011 10:25 AM | Patrik Runald | 4 comment(s)

Today it was reported that Spotify, the popular streaming music service, displayed malicious ads to users of their Free version. The ads lead to websites that used the Blackhole Exploit Kit to infect users with the Windows Recovery fake AV application. Our Advanced Classification Engine has full coverage...


Rogue SSL certificates issued by Comodo

Posted: 24 Mar 2011 03:58 PM | Patrik Runald | no comments

SSL certificates are used to validate the identity of a Web site to users. Yesterday Comodo, a certificate vendor, announced that nine SSL certificates had been bought and issued for the following domains: mail.google.com (Gmail), login.live.com (Hotmail and Microsoft Live services), www.google.com, login...


Rustock - 7 days later

Posted: 22 Mar 2011 06:51 PM | Anonymous | no comments

RIP Rustock botnet! Today marks exactly one week since Rustock, one of the largest spam generator botnets, was taken down by the Microsoft digital crime unit and US federal law enforcement agents. Rustock had more than 250,000 bots approximately, and until last Wednesday was one of the biggest known...


New 0-day Vulnerability in Adobe Flash Player (CVE-2011-0609)

Posted: 15 Mar 2011 07:35 AM | Elad Sharf | no comments

Websense® Security Labs™ has received reports of a new zero-day exploit that targets Adobe Flash Player (CVE-2011-0609). The vulnerability can potentially allow an attacker to execute malicious code on a targeted machine and has been spotted in a limited number of targeted attacks. The targeted...


Japanese disaster - ammo for cyber arsenal

Posted: 15 Mar 2011 06:54 AM | Anonymous | no comments

It’s no secret that criminals try to use huge disasters to their benefit to make some cash, and this time is no exception! We have been able to track several black hat methods to convince people to “help” Japan’s disaster-affected population. The set of techniques is not new and usually...


This Month in the Threat Webscape - February 2011

Posted: 07 Mar 2011 09:44 AM | Anonymous | no comments


Major Hits

There were two major compromises last month that affected the UK. In one instance, the BBC 6 Music and 1Xtra Web sites were compromised and served a malicious iFrame leading to the Phoenix exploit kit. In the other incident, well-known sites such as Autotrader, eBay, London Stock Exchange, myvue, and many other high-profile sites were hosting ads from an ad provider called Unanimis. The malvertising campaign took place over the weekend and did not affect as many people as it could have during working days. The advertisement had an iFrame leading to another exploit kit, which used exploits similar to those of the Black Hole exploit kit.

Night Dragon targets U.S. oil, gas, and petrochemical companies. It steals proprietary and confidential information from executives by using a combination of social engineering, Remote Administration Tools (RATs), and SQL injection attacks to gain access to external and internal hosts inside companies. It is believed that the attackers are based in China, which is probably why the class of attacks is called Night Dragon.


