Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.

Latest Blog Posts

View all posts > 

(May 2012) Posts

Malware Traditions on Fire: What you need to know about Flame

Posted: 30 May 2012 11:47 PM | Patrik Runald | no comments

Yesterday we posted about a new strain of highly advanced malware (APT), dubbed Flame . It is potentially the most advanced malware to date, at least in terms of functionality combined with the ability to stay hidden over a long period of time. It’s also unusually large (20 MB), whereas most attacks...


Flame/Flamer/Skywiper - one of the most advanced malware found yet

Posted: 29 May 2012 03:21 PM | Elad Sharf | no comments

Yesterday, news broke that a new strain of highly advanced malware (APT), dubbed Flame (Flamer/ Skywiper), has been identified. The variant was found to be prevalent in the Middle East. Recent well-known malware that was also found in the Middle East are Stuxnet and Duqu , both very advanced and ground...


The Amnesty International UK website was compromised to serve Gh0st RAT [Update]

Posted: 11 May 2012 01:29 AM | Anonymous | no comments

Between May 8 and 9, 2012, the Websense® ThreatSeeker® Network detected that the Amnesty International United Kingdom website was compromised. The website was apparently injected with malicious code for these 2 days. During that time, website users risked having sensitive data stolen and perhaps infecting other users in their network. However, the website owners rectified this issue after we advised them about the injection. In early 2009, we discovered this same site was compromised, and in2010, we reported another injection of an Amnesty International website, this time the Hong Kong site.



Canada’s Cybercrime Report Card: Better or Worse in 2012?

Posted: 10 May 2012 09:39 PM | Patrik Runald | no comments

Last May 2011 , we conducted an analysis of Canada’s cyber security risk profile, which led to the discovery of a disturbing trend. Canada had become the newest breeding ground of cybercriminal activity. In the hopes that things would get better, we conducted an exact comparison of the same cybersecurity...


Pinning Down Pinterest

Posted: 04 May 2012 08:08 PM | RM | 1 comment(s)

There has been a lot of talk lately about Pinterest, the "virtual pinboard" that allows you to "organize and share all the beautiful things you find on the web." Pinterest uses online social networking to extend the ways you can share your images. Its mission statement reads: "Our...


The Institute for National Security Studies (Israel) falls prey to Poison Ivy infection

Posted: 02 May 2012 01:06 AM | Anonymous | no comments

The Websense® ThreatSeeker® Network has detected that the Institute for National Security Studies (INSS) website in Israel was injected with malicious code. INSS is described in its website as an independent academic institute that studies key issues relating to Israel's national security and Middle East affairs.


While we can't determine that the infection of this website with exploit code is part of a targeted attack, one could deduce that visitors to this type of site are likely to have an interest in national security or are occupied in this field. The website appears to be injected with malicious code for over a week now. (Websense' ACE provided protection against the type of injected malicious code since early 2009)


One of the interesting facts about this infection is that it uses the same Java exploit vector (CVE-2012-0507) that managed to infect around 600,000 Mac users in a massive scatter attack dubbed Flashback a few weeks ago.



Read more >