Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.


(April 2011) Posts

SOURCE Boston 2011 Conference RECAP

Posted: 27 Apr 2011 05:46 PM | Anonymous | no comments

I returned this past weekend from SOURCE Boston, where I presented the new features and architecture of Fireshark v2. I have had the opportunity to speak at many conferences before, but this was my first time doing so in my university town of Boston (Northeastern), and my first time speaking at SOURCE...



Malicious E-Cards on the prowl

Posted: 26 Apr 2011 09:14 PM | Anonymous | no comments

Emails disguised as electronic cards have been used as bait over and over again for malicious intent. The fact that they are overused is a clear indicator that this lure indeed works. Websense Security Labs™ and the Websense ThreatSeeker® Network recently came across an e-card themed email...



Mass Injections Leading to g01pack Exploit Kit

Posted: 19 Apr 2011 01:07 AM | Chris Astacio | 1 comment(s)

Our ThreatSeeker® Network is constantly on the lookout to protect our customers from malicious attacks. Recently it has detected a new injection attack which leads to an obscure web attack kit. The injection has three phases which will be covered in this blog post. Websense customers are protected from this attack by ACE, our Advanced Classification Engine.




Boxes of Money!

Posted: 15 Apr 2011 02:27 AM | John Smith | no comments

Phishing and 419 scams have been around for a while now. However, sometimes they never cease to amaze when it comes to their tactics. We caught this most recent one in one of our Honeypots and thought we would share due to the “over-the-top” images sent.


Also note the horrific markup of the passport. 




Email sent from: usermail.uni-ak.ac.at

Email Subject: urgent response

Email body:

Apologies for having to reach out to you like this, my name is Gideon Kerkula am from Liberia, I and my mother just arrived with 2 inherited trunk boxes which our late father kept in our under ground flat




This Month in the Threat Webscape - March 2011

Posted: 13 Apr 2011 02:12 PM | Anonymous | 1 comment(s)

Major hits

March 17 of this year will be remembered very well for a long time - in fact, we should celebrate it as the BreachID Day from now on. RSA’s Executive Chairman Art Coviello wrote an open letter explaining a short background about the breach, which happened in their “kitchen” as an “extremely sophisticated cyber attack” that put their SecurID product at risk. Even though the breach probably did not disclose any very sensitive data, it pointed out just how fragile the security is.

Popular streaming service Spotify got compromised via third-party ads that served malicious content to all free users. Seems like free does come at a price after all.

Comodo, a certificate vendor, informed us that nine bogus SSL certificates had been issued for several top Alexa domains. The certificates were revoked immediately. Well, once Comodo found out what had been going on. However, it happened again for two more and again and - in fact, who knows what else?

Are you using TripAdvisor when planning your holidays? You really should expect more spam in the future. The company announced a breach losing all members' data. Fortunately, no credit card details - for this time at least.




One more Adobe 0-day vulnerability using Office files

Posted: 11 Apr 2011 04:44 PM | Patrik Runald | no comments

Today Adobe announced a new 0-day vulnerability (CVE-2011-0611) in Adobe Flash Player and Adobe Acrobat that, similar to the previous 0-day from less than a month ago, was found embedded in a Microsoft Office file. The vulnerability allows an attacker to execute malicious code on a computer and has been...

