Websense® Security Labs™ ThreatSeeker® Intelligence Cloud has identified a LinkedIn profile configured to use social engineering techniques in order to target fellow LinkedIn users. Here at Websense we refer to The 7 Stages of Advanced Attacks. This model of describing the kill chain discusses Stage 1: Reconnaissance, the act of uncovering information that will help the attacker conduct a later, more successful attack. We believe that this particular campaign may be a precursor to a more specialized targeted attack.
An ongoing, large-scale injection campaign has been raging for the
last 6 months. This campaign utilises a toolkit, dubbed CookieBomb (due
apathy toward a particular platform, but also the code used in the
injections, and the way in which it has evolved to escape and evade
traditional AV platforms and structures. This blog will:
Many of our colleagues, customers and readers will by now have enjoyed their fill of turkey and pumpkin pie for Thanksgiving and are preparing for a second day of festivities with the arrival of Black Friday. For North American retailers and consumers, this traditionally marks the start of the holiday shopping season, and although it is not observed by many as a national holiday, more and more retailers across the globe are launching Black Friday promotions in order to entice consumers and increase sales. Additionally, given that Black Friday is typically a physical 'bricks-and-mortar' retail affair, online retailers seek to continue the shopping frenzy with additional offers, promotions and sales on Cyber Monday, a marketing term coined in 2005 by Shop.org.
The Websense® ThreatSeeker® Network has detected a spam campaign that tries to exploit recipients' interest in the current presidential campaign in the US. Specifically, we have detected thousands of emails with this kind of content:
As noted recently, we are seeing an increasing number of spam campaigns with malicious links that lead to BlackHole exploit pages.
Here at Websense® Security Labs, we often blog about big malicious campaigns and how our products protect our customers from them. But what about smaller campaigns that are no less dangerous?
Broad campaigns often spoof notifications from well-known businesses, establishments, organizations, and agencies, and are very widespread these days. However, smaller volume campaigns sometimes can be as (or even more) dangerous by bypassing the victim's defenses.
Last week, the Websense ThreatSeeker® Network intercepted one such campaign. This small-volume, malicious campaign targeted businesses with legitimate-looking emails that refer to items like purchase orders, quotes, and supply information. All of these emails had attachments that install variants of the popular Zeus malware on the victim's computer.
Websense Cloud Email Security quarantined these emails as containing a potential virus before most of the malicious attachments were detected by antivirus (AV) engines. ACE, our Advanced Classification Engine, provides the extra layers of protection that help Websense Cloud Email Security protect customers against a wide array of threats.
Spammers are using fake booking.com email addresses to send hotel reservation confirmations that spread malware, and Websense ThreatScope Analysis detected all the specific behavior of the malware from the email attachments:
InfoSecurity Magazine recently published an article on the discovery of SEO poisoning on a web domain owned by the United Nations. The source of the discovery? Websense® Security Researcher Amon Sanniez. Sanniez blogged about the black hat SEO attack on May 27; he highlighted that the sub-domain under attack was the Sustainable Energy Finance Initiative site of the United Nations. The domain appeared to be compromised by a number of medical spam-related URLs, most of which are compromised sites themselves. Branded drug names such as ‘Viagra’ and ‘Levitra’ were embedded in the code to help achieve a higher search engine ranking, a classic SEO poisoning tactic. While most mainstream search engines like Google are aware of these tricks, Sanniez argues that some attacks do slip through the cracks.
“Like most black hat SEO attacks on compromised sites, the site tends to look perfectly fine, and there is no indication that the site has been compromised” – Amon Sanniez, Associate Security Researcher
Why is this significant? Remember the statistic from the Websense Security Labs™ 2010 Threat Report, which reports that almost 80% of cybercrime scams are on compromised legitimate web servers. Attacks are growing more and more advanced every day, and it’s getting harder for simple security software to detect them. Find out how to prevent the possibility of your organization falling victim to these attacks here.
This morning I spoke with the BBC News to discuss possible explanations about why spam levels appear to be falling in recent months. Are spammers re-grouping? Are they simply moving from targeting email to social media? Click here to read the full BBC News article.
In 2010, Websense Security Labs found that 89.9% of all unwanted emails contained links to spam sites or malicious websites, an increase of 4% over 2009. However, there have been signs that spammers are turning to methods other than email for distributing their messages, such as Facebook and Twitter. As long as spammers can generate a profit from their activities, email spam isn’t going away, and will continue to spread to other profitable areas, including social media. Check out our recent Threat Report for more details.
It’s important that individuals, organizations, and celebrities protect their Facebook page and blogs from spam and malicious content. Free for individuals, our Defensio product helps brands protect their reputation and maintain their fans’ trust, by analyzing, classifying and removing unsavory user-generated content (whether it is malicious, spam, or even profanity).
Have any questions/comments? Let me know...