Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.

View all posts > 

Filtered by : Mass Injection

'GWload' - The 'Social Engineering' Based Mass Injection Making Its Rounds

Posted: 28 Oct 2013 07:30 PM | Elad Sharf


Websense® Security Labs™ ThreatSeeker® Intelligence Cloud has identified that a new mass injection campaign is making its rounds, compromising and injecting content into tens of thousands of legitimate websites. This campaign is an evolution and expansion of an existing injection campaign...

Read more > 

Filed under: , , ,

no comments

2013 Threat Report: More Than Scary Stats and Chilling Charts

Posted: 13 Feb 2013 08:30 AM | Carl Leonard


The 2013 Threat Report from the Websense® Security Labs™ is now available.

 

The report details mobile, social, email and web-based threats, and while it is full of ominous data points, it is a very interesting read. The report is designed to help security professionals keep current with threat trends and improve the effectiveness of existing security solutions. It can also be used to identify and prioritize security gaps that may require new approaches and more innovative strategies.

 

Creating the report began with the ThreatSeeker® Network, composed of big data clusters used by the WSL to collect and manage up to 5 billion inputs each day from 900 million global endpoints. Malware samples, mobile applications, email content, web links and other information were then passed through deep analysis processes including our Advanced Classification Engine (ACE), which applied over 10,000 different analytics.

 

...

Read more > 

Filed under: , , , , , , , , , , , , , ,

no comments

I have the latest WordPress version - is my Website protected?

Posted: 13 Mar 2012 04:00 AM | Tamas Rudnai


A few days ago, Websense® SecurityLabs™ detected a large-scale malware campaign mainly targeting WordPress pages. We have received many questions about who and which websites are in danger and how to protect against this attack. While many forum posts and comments speculate that outdated WordPress versions are at fault, unfortunately, we found that this is not true. We dug a bit into this subject and analyzed 30,000 domains to see what types and versions of CMS (Content Management System) have been compromised so far.

...

Read more > 

Filed under: , , ,

no comments

New Mass Injection Wave of WordPress Websites on the Prowl

Posted: 05 Mar 2012 08:00 AM | uwang


 

The Websense® ThreatSeeker® Network has detected a new wave of mass-injections of a well-known exploit that we've been following in Security LabsTM for months. The majority of targets are Web sites hosted by the WordPress content management system. At the time of writing, more than 200,000 Web pages have been compromised, amounting to close to 30,000 unique Web sites (hosts). The injection hijacks visitors to the compromised sites and rediects them to rogue AV sites that attempt to trick them into downloading and installing a Trojan onto their computer. 

 

The injected code is very short and is placed at the bottom of the page, just before </body> tag.

 

 

...

Read more > 

Filed under: , ,

13 comment(s)

SOURCE Boston 2011 Conference RECAP

Posted: 27 Apr 2011 05:46 PM | Anonymous


I returned this past weekend from SOURCE Boston , where I presented the new features and architecture of Fireshark v2. I have had the opportunity to speak at many conferences before, but this was my first time doing so in my university town of Boston ( Northeastern ), and my first time speaking at SOURCE...

Read more > 

Filed under: , , , , , ,

no comments

Mass Injections Leading to g01pack Exploit Kit

Posted: 19 Apr 2011 01:07 AM | Chris Astacio


Our ThreatSeeker® Network is constantly on the lookout to protect our customers from malicious attacks.  Recently it has detected a new injection attack which leads to an obscure web attack kit.  The injection has three phases which will be covered in this blog post. Websense customers are protected from this attack by ACE, our Advanced Classification Engine.

...

Read more > 

Filed under: , , ,

1 comment(s)

Update on LizaMoon mass-injection and Q&A

Posted: 31 Mar 2011 01:03 PM | Patrik Runald


The LizaMoon mass-injection campaign is still ongoing and more than 500,000 pages have a script link to lizamoon.com according to preliminary Google Search results. We have also been able to identify several other URLs that are injected in the exact same way, so the attack is even bigger than we originally...

Read more > 

Filed under: , ,

50 comment(s)