Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.


Blackhole exploit kit tagged in these posts

Exploit Kits "Lacking P(a)unch"

Posted: 17 Dec 2013 12:30 AM | Ran Mosessco | no comments


Criminal groups formerly using the Blackhole exploit kit experiment with the Magnitude exploit kit, social engineering techniques, direct attachments, phishing, and fraud

Overview

Over the past two months, the criminal gangs that were using malicious email redirecting to the BlackHole exploit kit have...


Royal Baby: Third in Line to the Throne, First in Line as a Threat Lure!

Posted: 24 Jul 2013 03:27 AM | Jason Hill | no comments


Following yesterday's news, the Duke and Duchess of Cambridge are now the proud parents of a baby boy and future heir to the British throne. Whilst they revel in the joy of being a family, cyber-criminals have predictably been busy delivering various malicious campaigns in order to piggy-back on the news. The Websense ThreatSeeker® Intelligence Cloud has been tracking malicious cyber-campaigns that started in the hours following the official announcement that The Duchess of Cambridge was in labour.

...


Fox News-themed Malicious Email Campaign [UPDATED]

Posted: 28 Jun 2013 02:23 AM | Jason Hill | no comments


Websense® Security Labs™ researchers, using our Websense ThreatSeeker® Intelligence Cloud, discovered an interesting malicious email campaign using spoofed email addresses from Fox News domains in an attempt to ultimately lure victims to websites hosting the Blackhole Exploit Kit. Should the exploit and compromise be successful, a malicious payload related to the Cridex family appears to be delivered which, as detailed in an earlier Websense Security Labs blog, is typically used to steal banking credentials and to exfiltrate personally identifiable information (PII) and other confidential data for criminal gain. These emails, discovered early on the morning of June 27th, featured “breaking news” subjects and mimicked legitimate news content related to the US Military moving into Syria in order to entice the victim to 'click' on the malicious links. The campaign appears to have targeted a variety of industries and countries; as of 1600 PST on June 27th, the Websense ThreatSeeker® Intelligence Cloud had detected and blocked over 60,000 samples.

...


Margaret Thatcher's Death Used in Cyber Attacks

Posted: 10 Apr 2013 03:39 AM | uwang | 1 comment(s)


As the world remembers former British Prime Minister Margaret Thatcher, cyber attackers are participating too, but in their own tricky ways. Websense® Security Labs™ and the Websense ThreatSeeker® Intelligence Cloud have detected that attackers are sending malicious email spam with a topic...


How are Java attacks getting through?

Posted: 25 Mar 2013 09:01 PM | Charles Renert | no comments


Were you aware that Java is increasingly being viewed as a security risk? Of course you were — recent high-profile attacks have firmly established the trend, so we're not going to do yet another roundup here. Instead, let's drill in and try to understand the core problem. With so many vulnerabilities...


Breaking News: The Malicious USA Presidential Spam Campaign has Started

Posted: 10 Oct 2012 03:45 PM | Gianluca Giuliani |

The Websense® ThreatSeeker® Network has detected a spam campaign that tries to exploit recipients' interest in the current presidential campaign in the US. Specifically, we have detected thousands of emails with this kind of content:

As noted recently, we are seeing an increasing number of spam campaigns with malicious links that lead to BlackHole exploit pages.

...


Voice Mail Notifications and ADP Emails Lead to Blackhole Exploit Kit

Posted: 13 Sep 2012 02:00 PM | Ran Mosessco | 1 comment(s)


Since Blackhole Exploit Kit 2.0 was recently introduced, we wanted to give our readers a few examples of how they might get exposed to this threat through email. Websense® ThreatSeeker® Network has recently intercepted a few malicious email campaigns that try to lure the victims to Web pages...


Fake ‘Amazon order’ email exploits recent Java vulnerability CVE 2012-4681

Posted: 02 Sep 2012 09:44 PM | Xue Yang | 1 comment(s)


Following our recent blog posts regarding the propagation of Java vulnerability CVE-2012-4681 (New Java 0-day used in small number of attacks) and its subsequent inclusion in the infamous Blackhole Exploit Kit (New Java 0-day added to Blackhole Exploit Kit), the Websense® ThreatSeeker® Network has detected a new malicious email campaign purporting to be an order verification email from Amazon directing victims to a page containing the recent Java exploit.

...
