Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.

Latest Blog Posts


(March 2011) Posts

Update on LizaMoon mass-injection and Q&A

Posted: 31 Mar 2011 01:03 PM | Patrik Runald | 50 comment(s)


The LizaMoon mass-injection campaign is still ongoing and more than 500,000 pages have a script link to lizamoon.com according to preliminary Google Search results. We have also been able to identify several other URLs that are injected in the exact same way, so the attack is even bigger than we originally...


Italian model exposed in Facebook clickjacking attack

Posted: 28 Mar 2011 11:51 PM | Anonymous | no comments


The mere mention of anything with a sex connotation on Facebook almost always begets some major activity, with people wanting to know more. As a result, whatever the attack vector or channel might be is propagated, and the attacker is sure to get some response. In this example a Facebook click-jacking...


Spotify application serves malicious ads

Posted: 25 Mar 2011 10:25 AM | Patrik Runald | 4 comment(s)


Today it was reported that Spotify, the popular streaming music service, displayed malicious ads to users of their Free version. The ads lead to websites that used the Blackhole Exploit Kit to infect users with the Windows Recovery fake AV application. Our Advanced Classification Engine has full coverage...


Rogue SSL certificates issued by Comodo

Posted: 24 Mar 2011 03:58 PM | Patrik Runald | no comments


SSL certificates are used to validate the identity of a Web site to users. Yesterday Comodo, a certificate vendor, announced that nine SSL certificates had been bought and issued for the following domains: mail.google.com (Gmail), login.live.com (Hotmail and Microsoft Live services), www.google.com, login...


Rustock - 7 days later

Posted: 22 Mar 2011 06:51 PM | Artem Gololobov | no comments


RIP Rustock botnet! Today marks exactly one week since Rustock, one of the largest spam generator botnets, was taken down by the Microsoft digital crime unit and US federal law enforcement agents. Rustock had more than 250,000 bots approximately, and until last Wednesday was one of the biggest known...


This Month in the Threat Webscape - February 2011

Posted: 07 Mar 2011 09:44 AM | Ivan Sabo | no comments


 

Major Hits

There were two major compromises last month that affected the UK. In one, the BBC 6 Music and 1xtra Web sites were compromised and served a malicious iFrame leading to the Phoenix exploit kit. In the other, many well-known sites such as Autotrader, eBay, London Stock Exchange, myvue and many other high-profile sites were hosting ads from an ad provider called Unanimis. The malvertising campaign happened over the weekend and did not affect as many people as it could have during working days. The advertisement had an iFrame to another exploit kit, which used exploits similar to those of the Black Hole exploit kit.

Night Dragon targets U.S. oil, gas, and petrochemical companies. It steals proprietary and confidential information from executives by using a combination of social engineering, Remote Administration Tools (RATs), and SQL injection attacks to gain access to external and internal hosts inside companies. It is believed that the attackers are based in China, which is probably why the class of attacks is called Night Dragon.

...
