Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.

Latest Blog Posts


(January 2012) Posts

3-2-1 Wordpress vulnerability leads to possible new exploit kit

Posted: 30 Jan 2012 02:30 PM | Anonymous | no comments

This past weekend one compromised Web site in particular caught my attention. Based on my analysis, the site was compromised because it was running an old version of WordPress (3.2.1) that is vulnerable to publicly available exploits [1] [2]. The Web site injection is only somewhat interesting. What...


Trojan caught on camera shows CAPTCHA is still a security issue

Posted: 30 Jan 2012 02:00 AM | Elad Sharf | 2 comment(s)

In a series of blogs a few years back, we covered how malware could abuse and circumvent online services that use CAPTCHA tests as part of their security (1, 2). In this blog, we take a look at a recent malware variant from the wild caught on camera that shows CAPTCHA tests used by some online services...


Phoenix, Phoenix, I need help!

Posted: 26 Jan 2012 03:30 AM | Anonymous | no comments

The Websense® ThreatSeeker® Network has been tracking an ongoing malicious email campaign in which a recipient is asked to click a link to check a bill mistakenly received by another user. We have been monitoring campaigns of thousands of emails similar to this one for a while now and have noticed that the Phoenix Exploit Kit is used. The campaign starts with the following email:



entrepreneur.com compromised with CrimePack

Posted: 25 Jan 2012 01:40 PM | Tamas Rudnai | no comments

Today, Websense® ThreatSeeker® Network alerted us that entrepreneur.com has been compromised by cyber criminals, resulting in potentially malicious content being downloaded to a user's machine. Entrepreneur.com is a very popular information and community resource for small businesses on the web (see Alexa rank).


Websense customers are protected from these threats by ACE™, our Advanced Classification Engine.


The attacker used the CrimePack exploit kit, which employs several different exploits to try to infect a user’s computer. We'll explain how this works in detail. Let's start by visiting the home page of entrepreneur.com where we notice an iframe injected into the page:




The rise of a typosquatting army

Posted: 22 Jan 2012 03:30 AM | uwang | no comments

The week before, we published a blog that discussed typosquatting of social web sites that lead visitors to spam survey sites with a high Alexa ranking. With our ongoing research, we discovered that cyber-criminals are carrying out even more work, and the campaign is more widespread than we originally...


Trending Topic Search for "QuickTime" Leads to Phishing Site

Posted: 19 Jan 2012 10:09 PM | Anonymous | no comments

The Websense® ThreatSeeker® Network routinely monitors search results from Google trending topics. For example, if you were to search for the term "QuickTime" today, the 31st resulting entry would lead to a typosquatted URL, which pulls content from a phishing URL. Clicking this Google...


My email address was shared on Twitter, but who cares?

Posted: 19 Jan 2012 02:11 AM | Elad Sharf | no comments

Websense Security Labs™ has found that thousands of businesses and consumers are putting themselves at risk each day by publicly revealing their email addresses on Twitter. We conducted research on how data that might be considered private is exposed via Twitter. The research focused on shared...


One critical and six important Microsoft patches to start 2012

Posted: 12 Jan 2012 02:43 PM | Tamas Rudnai | no comments

The start of the Olympic year of 2012 sees a quick release of 7 patches from Microsoft, including 1 that addresses a critical vulnerability that allows remote code execution when exploited. Websense® Security Labs strongly recommends that you update to the latest patches to avoid attacks from cyber...
