Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.


(September 2012) Posts

BBB malicious spam flood

Posted: 24 Sep 2012 07:12 AM | Anonymous | no comments

US and Canadian businesses looking to maintain their reputation and effectively handle customer disputes are once again being targeted by another barrage of malicious BBB (Better Business Bureau) complaint notifications.

Whilst BBB campaigns have been circulating for a good many years, for example this 2008 certificate scam, the Websense® ThreatSeeker® Network has detected and intercepted a marked increase in malicious BBB email this month. Earlier in September, the Websense® ThreatSeeker® Network was protecting customers from thousands of malicious emails each day; today that volume has grown to hundreds of thousands of BBB emails per hour!


In an attempt to look authentic, the message includes an official graphic from the BBB website but, as is often the case with malicious email campaigns, it also contains suspicious grammar: "about your company possible involvement in check cashing and Money Order Scam."



Fake 'KLM e-Ticket' attempts to install backdoor

Posted: 21 Sep 2012 04:16 AM | Carl Leonard | no comments

Fake airline e-ticket emails containing malicious attachments are far from new. However, the Websense® ThreatSeeker® Network has detected a significant campaign purporting to originate from KLM, the Dutch flagship airline. We estimate we intercepted more than 850,000 messages from this campaign on Monday, September 17, alone.


Each malicious message, with a subject 'KLM e-Ticket', appears to use a legitimate KLM e-ticket layout, but itinerary information is not displayed. Instead, users are enticed to view the itinerary in an attachment and subsequently risk compromising their machines. Although this scam does not specifically target KLM customers, those who have made recent ticket purchases as well as recipients who may fear that an unauthorized credit card purchase has been made could fall victim. Websense customers are protected from this and other threats by ACE™, our Advanced Classification Engine.



Internet Explorer zero-day vulnerability

Posted: 18 Sep 2012 06:13 AM | Patrik Runald | 4 comment(s)

A new vulnerability found in Microsoft Internet Explorer affects Internet Explorer versions 6, 7, 8, and 9. The vulnerability allows attackers to execute code on a machine by just having the user visit a malicious website. This can happen, for example, when the user is tricked into clicking a link in...


Blackhole Exploit Kit updates to 2.0

Posted: 13 Sep 2012 12:19 AM | Chris Astacio | no comments

Here at Websense Security Labs, we like to keep our ears to the ground to listen carefully for new threats. Yesterday, another researcher's blog announced that there was a new version of the infamous Blackhole exploit kit. The advertisement for the new version of Blackhole was posted on an underground...


Fake ‘Amazon order’ email exploits recent Java vulnerability CVE 2012-4681

Posted: 02 Sep 2012 09:44 PM | Xue Yang | 1 comment(s)

Following our recent blog posts regarding the propagation of Java vulnerability CVE-2012-4681 (New Java 0-day used in small number of attacks) and its subsequent inclusion in the infamous Blackhole Exploit Kit (New Java 0-day added to Blackhole Exploit Kit), the Websense® ThreatSeeker® Network has detected a new malicious email campaign purporting to be an order verification email from Amazon directing victims to a page containing the recent Java exploit.

