Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.


(September 2011) Posts

Malicious Emails with Subject “ACH Payment xxxxx Canceled”

Posted: 28 Sep 2011 01:00 AM | Anonymous | no comments

Have you received an email with an “ACH Payment xxxxx Canceled” subject line? Please don’t open the link in the email, as it will take you to a malicious URL. Websense® ThreatSeeker® Network has detected that an email campaign broke out on 27th September, 2011. In this campaign...


Websense Labs Video: Speaking in Tongues: Malware C&C Encryption

Posted: 27 Sep 2011 11:56 AM | Patrik Runald | no comments

Historically, malware uses IRC to communicate outbound once it has infected a host. But what exactly is malware doing now? In this week’s Websense Security Labs video, researchers Ali Mesdaq and Stephan Chenette guide us through an explanation of malware that communicates using custom encryption...



Did you hear about the new Facebook changes?

Posted: 23 Sep 2011 10:46 PM | Elisabeth Olsen | no comments

At their f8 Developers Conference in San Francisco last week, Facebook announced their recent major makeover and how this is just the beginning. These are the largest changes to Facebook since the early beginnings of the site. Their newly released features are: A redo of their Friends Lists (like Google...



Fake malware notifications from "Websense Labs"

Posted: 22 Sep 2011 08:34 AM | Elad Sharf | no comments

Earlier this week we detected malicious email messages that appeared to be sent from "Websense Labs" that contain an alert about detected malicious activity. We have published this blog to let all of our customers know that we would never notify you in this manner and that these messages were...



What's More Scary, Hurricanes or Black Holes?

Posted: 20 Sep 2011 08:52 PM | Ran Mosessco | no comments

By now, it has become somewhat of a cliché to mention how cyber-criminals try to exploit the latest hot topics to lure victims to malicious content. The recent hurricane scares, however, provided an example that we found interesting. A few weeks ago, Websense Security Labs and the Websense ThreatSeeker® Network came across an email campaign that redirected users to Web pages downloading rogue AV via the Blackhole exploit kit.

Websense Email Security and Websense Web Security protect against this kind of blended threat with ACE, our Advanced Classification Engine.

This post examines how various vectors (email and Web) lead to Blackhole exploit kits and rogue AV, all hosted on a single IP address.

It also shows how some messages from the same email campaign, as well as similar variants, lead to pharmaceutical sites related to the "Yambo Family" group of Web sites.




Últimas Noticias has been compromised

Posted: 20 Sep 2011 11:22 AM | Hermes Li | no comments

Websense® ThreatSeeker® Network has detected that the Últimas Noticias Web site (ultimasnoticias.com.ve) was compromised on 19th September, 2011. Últimas Noticias is the highest-selling daily newspaper in Venezuela. It was founded in Caracas in 1941 after the pro-freedom measures...

