Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.


New Phishing Research: 5 Most Dangerous Email Subjects, Top 10 Hosting Countries

Posted: 11 Dec 2013 09:03 AM | Elisabeth Olsen


With cloud infrastructure easily scalable and rented botnets coming on the cheap, the cost of conducting massive phishing campaigns continues to decline for cybercriminals. Even if the return rate is small or the campaign is poorly executed, phishing can result in serious money for criminals. Phishing will never simply go away—meaning ongoing headaches for security professionals.

...


Majority of Users Still Vulnerable to Java Exploits

Posted: 03 Jun 2013 09:00 PM | Carl Leonard


Throughout the last 6 weeks, Websense® Security Labs™ has been collecting telemetry from our Websense ThreatSeeker® Intelligence Cloud to provide insight into usage of the most recent version of Java. Following our March 2013 study that looked at what versions of Java are being used, we saw that almost 93% of users are still not patched to the most recent version of Java. This leaves the majority of users still vulnerable to the dangers of exploit code already in use in the wild

...


2013 Threat Report: More Than Scary Stats and Chilling Charts

Posted: 13 Feb 2013 08:30 AM | Carl Leonard


The 2013 Threat Report from the Websense® Security Labs™ is now available.

The report details mobile, social, email and web-based threats, and while it is full of ominous data points, it is a very interesting read. The report is designed to help security professionals keep current with threat trends and improve the effectiveness of existing security solutions. It can also be used to identify and prioritize security gaps that may require new approaches and more innovative strategies.

Creating the report began with the ThreatSeeker® Network, composed of big data clusters used by the WSL to collect and manage up to 5 billion inputs each day from 900 million global endpoints. Malware samples, mobile applications, email content, web links and other information were then passed through deep analysis processes including our Advanced Classification Engine (ACE), which applied over 10,000 different analytics.

...


Sharing the Experience of Deobfuscating a Trojan

Posted: 20 Dec 2012 09:34 AM | lli


Thanks to the Websense® ThreatSeeker® Network, we discovered another interesting case involving a malicious Web Trojan and analyzed it. Let’s share our deobfuscation experience. The first step was to identify the location of the malicious code, shown in the red pane of the following image...


The Strange Case of the inte1sat Domain Name

Posted: 20 Nov 2012 01:33 AM | Gianluca Giuliani

Thanks to the Websense® ThreatSeeker™ Network, Websense Security Labs recently detected an unusual domain name that we have analyzed. The domain name, "inte1sat", substitutes the number "1" for the lowercase letter "l", an example of "leet" substitution that surfaced in the 1980s and is still used today. (Leet is a method of constructing words by substituting numbers for letters.)

The first step in our investigation was to look into the content of the URL: hxxp://www.inte1sat.com:

As so often happens, the content revealed what appeared to be another Java exploit attempt. We decided to set aside content analysis for the moment and investigate instead the domain name spelled in its normal alpha-English form: "Intelsat.com". Googling Intelsat.com, we learned that it is a company involved in satellite technologies and satellite-enabled services (including IP trunking, telecommunications, and more).

...


Raising DNSchanger Malware Awareness

Posted: 05 Jul 2012 08:42 PM | Mary Grace Timcang


The cyber trenches are awash today with news of DNSchanger malware. This is to elevate previous efforts to alert the public about the possibility that they could lose their internet services this coming Monday, July 9. DNSchanger malware takes control of a user's DNS, which cyber criminals use to...


Dissecting Cleartrip.com website compromise: Malicious ad tactics uncovered

Posted: 29 Jun 2012 12:01 PM | Elad Sharf


The Websense® ThreatSeeker® Network discovered on June 27, 2012, that one of the most popular travel websites in India, cleartrip.com, was compromised and served malicious code. The website was informed of this breach and no longer serves malicious code. In this blog, we'd like to share...


Does Mac OS X Need Protection?

Posted: 07 Jul 2011 03:00 PM | Anonymous


Over the last couple of months, the concern of whether Mac OS X has become a greater target for attackers has grown, and rightfully so. The Mac OS X market share has steadily increased, and is currently well above 10 percent. From the attacker's standpoint, what it always comes down to is dollars. At...
