Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.


Filtered by: Spam

The Bitly API key and MSNBC unvalidated redirects

Posted: 21 Jul 2014 08:00 | Pietro Bempos


Websense Security Labs™ has observed a spam/fraud campaign whereby a user is redirected from a real news site to a fake news site. In this case the real site is msnbc.com, which belongs to the well-known cable and satellite channel MSNBC. We have discovered that cyber criminals appear to have gained...


LinkedIn Lure Looking for Love-ly Profiles, Possibly More

Posted: 31 Oct 2013 01:15 | Carl Leonard


Websense® Security Labs™ ThreatSeeker® Intelligence Cloud has identified a LinkedIn profile configured to use social engineering techniques in order to target fellow LinkedIn users. Here at Websense we refer to The 7 Stages of Advanced Attacks. This model of describing the kill chain discusses Stage 1: Reconnaissance - the act of uncovering information that will help the attacker conduct a later, more successful attack. We believe that this particular campaign may be a precursor to a more specialized targeted attack.

...


Evolution of the CookieBomb toolkit

Posted: 29 Oct 2013 03:00 | Drendell_


An ongoing, large-scale injection campaign has been raging for the last 6 months. This campaign utilises a toolkit, dubbed CookieBomb (due to its signature use of cookies), which is fascinating not only in its apathy toward a particular platform, but also in the code used in the injections and the way in which it has evolved to escape and evade traditional AV platforms and structures. This blog will:

  • describe the evolution of not only the raw code involved in these attacks, but also the delivery mechanisms with which users are lured to infected, or outright malicious, pages
  • implicitly highlight the interaction between, and quid pro quo nature of, major threat-actors within the malware ecosphere
  • describe the use of session Cookies and the etymology of the toolkit name: CookieBomb
  • outline the use of CookieBomb to drive traffic toward EK infrastructure, directly or via TDS systems
  • cover the migration from BHEK to competing EKs in light of the BHEK author's arrest
  • detail the point at which the campaign forked into two distinct entities
...


2013 Threat Report: More Than Scary Stats and Chilling Charts

Posted: 13 Feb 2013 08:30 | Carl Leonard


The 2013 Threat Report from the Websense® Security Labs™ is now available.

The report details mobile, social, email and web-based threats, and while it is full of ominous data points, it is a very interesting read. The report is designed to help security professionals keep current with threat trends and improve the effectiveness of existing security solutions. It can also be used to identify and prioritize security gaps that may require new approaches and more innovative strategies.

Creating the report began with the ThreatSeeker® Network, composed of big data clusters used by the WSL to collect and manage up to 5 billion inputs each day from 900 million global endpoints. Malware samples, mobile applications, email content, web links and other information were then passed through deep analysis processes including our Advanced Classification Engine (ACE), which applied over 10,000 different analytics.

...


Personalized Letters From "Scamta" Claus

Posted: 30 Nov 2012 09:21 | Carl Leonard


With Christmas fast approaching, the Websense® ThreatSeeker™ network, replete with festive sleigh bells and twinkling lights, has detected a marked increase in spam emails seeking to exploit fans of the big man himself: Santa Claus. Whilst Santa, along with his ever-loyal team of elves, reindeer and of course Mrs Claus, is no doubt working through the mountain of letters and wish lists from the world’s good little boys and girls, some bad little boys and girls are looking to capitalize on his backlog of correspondence by claiming to offer alternative services, thus ensuring that your ‘little ones’ receive personalized responses.

...


Black Friday/Cyber Monday Survival Guide

Posted: 23 Nov 2012 01:00 | Carl Leonard


Many of our colleagues, customers and readers will by now have enjoyed their fill of turkey and pumpkin pie for Thanksgiving and are preparing for a second day of festivities with the arrival of Black Friday. For North American retailers and consumers, this traditionally marks the start of the holiday shopping season, and although it is not observed by many as a national holiday, more and more retailers across the globe are launching Black Friday promotions in order to entice consumers and increase sales. Additionally, given that Black Friday is typically a physical 'bricks-and-mortar' retail affair, online retailers seek to continue the shopping frenzy with additional offers, promotions and sales with Cyber Monday, a marketing term coined in 2005 by Shop.org.

...


Breaking News: The Malicious USA Presidential Spam Campaign has Started

Posted: 10 Oct 2012 03:45 PM | Gianluca Giuliani


The Websense® ThreatSeeker® Network has detected a spam campaign that tries to exploit recipients' interest in the current presidential campaign in the US. Specifically, we have detected thousands of emails with this kind of content:

As noted recently, we are seeing an increasing number of spam campaigns with malicious links that lead to BlackHole exploit pages.

...


Phishing for Apple IDs

Posted: 08 Oct 2012 03:27 PM | Gianluca Giuliani


The Websense® ThreatSeeker® Network has detected a phishing campaign whose potential victims are holders of an Apple ID account. An Apple ID allows you to buy new apps, make a customer workshop reservation at an Apple Retail Store, or buy music and multimedia content from the iTunes Store. You...


When Less is More: The Growing Impact of Low-Volume Email Attacks

Posted: 05 Oct 2012 01:00 | Ran Mosessco


Here at Websense® Security Labs, we often blog about big malicious campaigns and how our products protect our customers from them. But what about smaller campaigns that are no less dangerous?

Broad campaigns often spoof notifications from well-known businesses, establishments, organizations, and agencies, and are very widespread these days. However, smaller-volume campaigns can sometimes be as dangerous (or even more so) by bypassing the victim's defenses.

Last week, the Websense ThreatSeeker® Network intercepted one such campaign. This small-volume, malicious campaign targeted businesses with legitimate-looking emails that refer to items like purchase orders, quotes, and supply information. All of these emails had attachments that install variants of the popular Zeus malware on the victim's computer.

Websense Cloud Email Security quarantined these emails as containing a potential virus before most of the malicious attachments were detected by antivirus (AV) engines. ACE, our Advanced Classification Engine, provides the extra layers of protection that help Websense Cloud Email Security protect customers against a wide array of threats.

...
