Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.


Filtered by: Malicious emails, Rogue AV

What's More Scary, Hurricanes or Black Holes?

Posted: 20 Sep 2011 08:52 PM | Ran Mosessco


By now, it has become somewhat of a cliché to mention how cyber-criminals try to exploit the latest hot topics to lure victims to malicious content. The recent hurricane scares, however, provided an example that we found interesting. A few weeks ago, Websense Security Labs and the Websense ThreatSeeker® Network came across an email campaign that redirected users to Web pages downloading rogue AV via the Blackhole exploit kit.

Websense Email Security and Websense Web Security protect against this kind of blended threat with ACE, our Advanced Classification Engine.

This post examines how various vectors (email and Web) lead to Blackhole exploit kits and rogue AV, all hosted on a single IP address.

It also shows how some messages from the same email campaign, as well as similar variants, lead to pharmaceutical sites related to the "Yambo Family" group of Web sites.

...


Can rogue AV ever be legitimate?

Posted: 21 Sep 2010 09:04 AM | Mary Grace Timcang


Over the past year, the flow of search results laced with rogue AV seemed never to end. Whether the search was about celebrity, politics, calamity, or anything that was hot and trending, blackhat SEO was sure to follow. Now, search engines are being more proactive in producing safer search results...


You have Rogue Mail!

Posted: 06 Aug 2010 05:17 PM | Mary Grace Timcang


Websense Security Labs™ ThreatSeeker™ Network has detected thousands of malicious emails purporting to be from big-brand companies like Target, Macy’s, Best Buy, and Evite. We blogged about the different attack strategies that malicious authors have been using in their recent tax-themed...


Reset your Twitter Password malicious spam

Posted: 03 Jun 2010 11:18 AM | Mary Grace Timcang


Websense® Security Labs™ ThreatSeeker™ Network has detected spam posing as a Twitter Password Reset Notification. We have seen about 55,000 instances of this malicious spam email so far. The spam contains a link to a compromised Web site that, when clicked or pasted into the browser...
