Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.


Filtered by : Rogue AV

I have the latest WordPress version - is my Website protected?

Posted: 13 Mar 2012 04:00 | Tamas Rudnai


A few days ago, Websense® Security Labs™ detected a large-scale malware campaign mainly targeting WordPress pages. We have received many questions about who and which websites are in danger and how to protect against this attack. While many forum posts and comments speculate that outdated WordPress versions are at fault, unfortunately, we found that this is not true. We dug a bit into this subject and analyzed 30,000 domains to see what types and versions of CMS (Content Management System) have been compromised so far.

...


New Mass Injection Wave of WordPress Websites on the Prowl

Posted: 05 Mar 2012 08:00 | uwang



The Websense® ThreatSeeker® Network has detected a new wave of mass-injections of a well-known exploit that we've been following in Security Labs™ for months. The majority of targets are Web sites hosted by the WordPress content management system. At the time of writing, more than 200,000 Web pages have been compromised, amounting to close to 30,000 unique Web sites (hosts). The injection hijacks visitors to the compromised sites and redirects them to rogue AV sites that attempt to trick them into downloading and installing a Trojan onto their computer.

The injected code is very short and is placed at the bottom of the page, just before the </body> tag.

...


What's More Scary, Hurricanes or Black Holes?

Posted: 20 Sep 2011 08:52 PM | Ran Mosessco


By now, it has become somewhat of a cliché to mention how cyber-criminals try to exploit the latest hot topics to lure victims to malicious content. The recent hurricane scares, however, provided an example that we found interesting. A few weeks ago, Websense Security Labs and the Websense ThreatSeeker® Network came across an email campaign that redirected users to Web pages downloading rogue AV via the Blackhole exploit kit.

Websense Email Security and Websense Web Security protect against this kind of blended threat with ACE, our Advanced Classification Engine.

This post examines how various vectors (email and Web) lead to Blackhole exploit kits and rogue AV, all hosted on a single IP address.

It also shows how some messages from the same email campaign, as well as similar variants, lead to pharmaceutical sites related to the "Yambo Family" group of Web sites.

...


Does Mac OS X Need Protection?

Posted: 07 Jul 2011 03:00 PM | Anonymous


Over the last couple of months, concern over whether Mac OS X has become a greater target for attackers has grown, and rightfully so. The Mac OS X market share has steadily increased, and is currently well above 10 percent. From the attacker's standpoint, what it always comes down to is dollars. At...


Malicious E-Cards on the prowl

Posted: 26 Apr 2011 09:14 PM | Mary Grace Timcang


Emails disguised as electronic cards have been used as bait over and over again for malicious intent. The fact that they are overused is a clear indicator that this lure indeed works. Websense Security Labs™ and the Websense ThreatSeeker® Network recently came across an e-card themed email...


Veteran's Day spurs Poisoned Search

Posted: 10 Nov 2010 11:58 PM | Mary Grace Timcang


Today is Veteran's Day and, like any other holiday, black hat SEO and spam emails have been visible since Monday this week. Websense customers are protected against this attack through our Advanced Classification Engine. Search terms like veteran's day, veteran's day 2010, veteran's...
