Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.

Latest Blog Posts


(September 2012) Posts

BBB malicious spam flood

Posted: 24 Sep 2012 07:12 AM | Artem Gololobov | no comments


US and Canadian businesses looking to maintain their reputation and effectively handle customer disputes are once again being targeted by another barrage of malicious BBB (Better Business Bureau) complaint notifications.


Whilst BBB campaigns have been circulating for a good many years, for example this 2008 certificate scam, the Websense® ThreatSeeker® Network has detected and intercepted a marked increase in BBB malicious email this month. Earlier in September, the Websense® ThreatSeeker® Network was protecting customers from thousands of malicious mails each day; today this has grown exponentially, and it now protects our customers from hundreds of thousands of BBB emails per hour!

In an attempt to look authentic, the message includes an official graphic from the BBB website but, as is often the case with malicious email campaigns, includes suspicious grammar: "about your company possible involvement in check cashing and Money Order Scam."

...


Fake 'KLM e-Ticket' attempts to install backdoor

Posted: 21 Sep 2012 04:16 AM | Carl Leonard | no comments


Fake airline e-ticket emails containing malicious attachments are far from new. However, the Websense® ThreatSeeker® Network has detected a significant campaign purporting to originate from KLM, the Dutch flagship airline. We estimate we intercepted more than 850,000 messages from this campaign on Monday, September 17, alone.

 

Each malicious message, with a subject 'KLM e-Ticket', appears to use a legitimate KLM e-ticket layout, but itinerary information is not displayed. Instead, users are enticed to view the itinerary in an attachment and subsequently risk compromising their machines. Although this scam does not specifically target KLM customers, those who have made recent ticket purchases as well as recipients who may fear that an unauthorized credit card purchase has been made could fall victim. Websense customers are protected from this and other threats by ACE™, our Advanced Classification Engine.

...


Internet Explorer zero-day vulnerability

Posted: 18 Sep 2012 06:13 AM | Patrik Runald | 4 comment(s)


A new vulnerability found in Microsoft Internet Explorer affects Internet Explorer versions 6, 7, 8, and 9. The vulnerability allows attackers to execute code on a machine by just having the user visit a malicious website. This can happen, for example, when the user is tricked into clicking a link in...


Voice Mail Notifications and ADP Emails Lead to Blackhole Exploit Kit

Posted: 13 Sep 2012 02:00 PM | Ran Mosessco | 1 comment(s)


Since Blackhole Exploit Kit 2.0 was recently introduced, we wanted to give our readers a few examples of how they might get exposed to this threat through email. Websense® ThreatSeeker® Network has recently intercepted a few malicious email campaigns that try to lure the victims to Web pages...


Blackhole Exploit Kit updates to 2.0

Posted: 13 Sep 2012 12:19 AM | Chris Astacio | no comments


Here at Websense Security Labs, we like to keep our ears to the ground to listen carefully for new threats. Yesterday, another researcher blog announced that there was a new version of the infamous Blackhole exploit kit. The advertisement for the new version of Blackhole was posted on an underground...


Fake ‘Amazon order’ email exploits recent Java vulnerability CVE 2012-4681

Posted: 02 Sep 2012 09:44 PM | Xue Yang | 1 comment(s)


Following our recent blog posts regarding the propagation of Java vulnerability CVE-2012-4681 (New Java 0-day used in small number of attacks) and its subsequent inclusion in the infamous Blackhole Exploit Kit (New Java 0-day added to Blackhole Exploit Kit), the Websense® ThreatSeeker® Network has detected a new malicious email campaign purporting to be an order verification email from Amazon directing victims to a page containing the recent Java exploit.

...
