Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.


(August 2012) Posts

Oracle release Java 1.7.0_07 to fix CVE-2012-4681

Posted: 30 Aug 2012 07:26 PM | Patrik Runald | no comments

Oracle did what all of us were hoping they would do - release an out-of-band patch for the latest Java zero-day vulnerability. The new versions of Java, 1.7.0_07 and 1.6.0_35, both fix the vulnerabilities mentioned in CVE-2012-4681 that we've blogged about here and here. We have tried the patch and...



Shamoon/DistTrack affecting energy sector

Posted: 16 Aug 2012 09:42 PM | Patrik Runald | no comments

Today news broke that at least one organization in the energy sector was hit by malware named Shamoon or DistTrack. We’ve been looking at the related malware samples and can confirm that Websense products that have our Advanced Classification Engine (ACE) have had proactive detection in place since...



London Olympics Search Results Lead to Objectionable Sites

Posted: 10 Aug 2012 05:58 PM | Elisabeth Olsen | no comments

We’ve previously blogged about Olympic ticket scams, phishing, malware designed to propagate through social networking, and other Olympic security concerns. We also know that hackers take advantage of people searching for breaking news and trending topics about the Olympics through various SEO...



Nepalese government websites compromised to serve Zegost RAT

Posted: 08 Aug 2012 10:36 AM | Anonymous | no comments


The Websense® ThreatSeeker® Network has detected that two Nepalese government websites, the National Information Technology Center (NITC) and the Office of the Prime Minister and Council Minister (nitc.gov.np and opmcm.gov.np respectively), have been compromised and injected with malicious code that tries to exploit the Java vulnerability CVE-2012-0507. The aim of this injection is to install, through successfully exploiting that Java weakness, a backdoor that is also dubbed "Zegost" on the systems of visitors to these websites.


This vulnerability (CVE-2012-0507) was also used in the Amnesty International UK website compromise and in the INSS website compromise that we reported a few months back. It's interesting to note that all those compromises had injected code that was taken from the Metasploit framework, served in clear form, and not obfuscated. Although the use of code from the Metasploit framework doesn't necessarily indicate a link between all the compromises, we found further common characteristics between the compromises of the Amnesty UK website and the Nepalese government website by analyzing the backdoor C&C points when we noticed that they connected to the same domain in China. 



