The Bitly API key and MSNBC unvalidated redirects
Posted: Monday, July 21, 2014 8:00 AM by Pietro Bempos
Websense Security Labs™ has observed a spam/fraud campaign whereby a user is redirected from a real news site to a fake news site. In this case the real site is, which belongs to the well-known cable and satellite channel MSNBC. We have...   Read more >
Filed under: , ,
Fake AV Asks for Subscription Renewals
Posted: Wednesday, January 29, 2014 3:00 PM by Anonymous
Cleaning up and re-imaging machines infected with rogue AV continues to take precious man-hours from security teams already saddled with increasing responsibility. While fake antivirus software (AV) has yielded the security headlines to exploit kits,...   Read more >
LinkedIn Lure Looking for Love-ly Profiles, Possibly More
Posted: Thursday, October 31, 2013 1:15 AM by Carl Leonard

Websense® Security Labs™ ThreatSeeker® Intelligence Cloud has identified a LinkedIn profile configured to use social engineering techniques in order to target fellow LinkedIn users.  Here at Websense we refer to The 7 Stages of Advanced Attacks.  This model of describing the kill chain discusses Stage 1: Reconnaissance - the act of uncovering information that will facilitate the attacker to conduct a later, more successful attack .  We believe that this particular campaign may be a precursor to a more specialized targeted attack.

...   Read more >
Evolution of the CookieBomb toolkit
Posted: Tuesday, October 29, 2013 3:00 AM by Anonymous

An ongoing, large-scale injection campaign has been raging for the last 6 months. This campaign utilises a toolkit, dubbed CookieBomb (due to its signature use of cookies), which is fascinating not only in its apathy toward a particular platform, but also the code used in the injections, and way in which it has evolved to escape and evade traditional AV platforms and structures. This blog will:

  • describe the evolution of not only the raw code involved in these attacks, but also the delivery mechanisms with which users are lured to infected, or outright malicious, pages
  • implicitly highlight the interaction between, and quid pro quo nature of, major threat-actors within the malware ecosphere
  • describe the use of session Cookies and the etymology of the toolkit name: CookieBomb
  • outline the use of CookieBomb to drive traffic toward EK infrastructure, directly or via TDS systems
  • cover the migration from  BHEK to competing EKs in light of the BHEK author's arrest
  • detail the point at which the campaign forked into two distinct entities
...   Read more >
SPAMfighter: Spam Mails Supposedly from Fox News Deliver Malicious Software
Posted: Monday, July 8, 2013 3:37 PM by April Tellez
Websense the security company warns about cyber-crooks who're attempting at duping Internet-users into downloading malware that steals information, by distributing fake news reports in e-mails, which supposedly arrive from Fox News the well-known...   Read more >
Black Friday/Cyber Monday Survival Guide
Posted: Friday, November 23, 2012 1:00 AM by Carl Leonard

Many of our colleagues, customers and readers would have now enjoyed their fill of turkey and pumpkin pie for Thanksgiving and are preparing for a second day of festivities with the arrival of Black Friday.  This traditionally, for North American retailers and consumers, marks the start of the holiday shopping season and although it is not observed for many as a national holiday, more and more retailers across the globe are launching Black Friday promotions in order to entice consumers and increase sales.  Additionally, given that Black Friday is typically a physical 'bricks-and-mortar' retail affair, online retailers seek to continue the shopping frenzy with additional offers, promotions and sales with Cyber Monday, a marketing term coined in 2005 by

...   Read more >
Have you heard about Operation Spear-Phish? Take the challenge.
Posted: Monday, October 29, 2012 10:38 AM by CommunityAdmin
Every week I hear cyber security teams say they’re worried about spear-phishing . They’re struggling to defend against them with their current technology. But to exacerbate matters, their users also struggle to understand how to spot a malicious...   Read more >
Breaking News: The Malicious USA Presidential Spam Campaign has Started
Posted: Wednesday, October 10, 2012 3:45 PM by Anonymous


The Websense® ThreatSeeker® Network has detected a spam campaign that tries to exploit recipients' interest in the current presidential campaign in the US.  Specifically, we have detected thousands of emails with this kind of content:



As noted recently,  we are seeing an increasing number of spam campaigns with malicious links that lead to BlackHole exploit pages. 


...   Read more >
What is Scaring Businesses the Most? Spear-phishing. New Websense Security Labs Research
Posted: Tuesday, October 9, 2012 4:58 AM by Patrik Runald
Spear-phishing is a huge concern for today’s government and enterprises. While high profile attacks like last week’s spear-phishing attack against the White House and last year’s attack against Oak Ridge National Laboratory underscore...   Read more >
Phishing for Apple IDs
Posted: Monday, October 8, 2012 3:27 PM by Anonymous
The Websense® ThreatSeeker® Network has detected a phishing campaign whose potential victims are holders of an Apple ID account. An Apple ID allows you to buy new apps, make a customer workshop reservation at an Apple Retail Store, or buy music...   Read more >
Filed under: ,
When Less is More: The Growing Impact of Low-Volume Email Attacks
Posted: Friday, October 5, 2012 1:00 AM by Ran Mosessco

Here at Websense® Security Labs, we often blog about big malicious campaigns and how our products protect our customers from them. But what about smaller campaigns that are no less dangerous? 


Broad campaigns often spoof notifications from well-known businesses, establishments, organizations, and agencies, and are very widespread these days. However, smaller volume campaigns sometimes can be as (or even more) dangerous by bypassing the victim's defenses.


Last week, the Websense ThreatSeeker® Network intercepted one such campaign. This small-volume, malicious campaign targeted businesses with legitimate-looking email that refer to items like purchase orders, quotes, and supply information. All of these email had attachments that install variants of the popular Zeus malware on the victim's computer.


Websense Cloud Email Security quarantined these email as containing a potential virus before most of the malicious attachments were detected by antivirus (AV) engines. ACE, our Advanced Classification Engine, provides the extra layers of protection that help Websense Cloud Email Security protect customers against a wide array of threats.

...   Read more >
Filed under: , ,
Magic Quadrant Finds Increase in Targeted Phishing Attacks
Posted: Tuesday, August 28, 2012 9:54 AM by CommunityAdmin
Leading analyst firm Gartner just released the 2012 Magic Quadrant for Secure Email Gateways (SEG) * and noted an uptick in targeted phishing attacks. The report states "Phishing attacks continue to oscillate, while more targeted phishing attacks...   Read more >
New spam delivers fake hotel reservations
Posted: Monday, July 23, 2012 8:26 PM by Hermes Li

Spamer are using fake email addresses to send hotel reservation confirmation to spread malwares and Websense  ThreatScope Analysis detected all the specific behavior of the malwares from the attachment of emails:

...   Read more >
Filed under: , ,
CSO on the Road: How a Remote Town in Romania Has Become Cybercrime Central
Posted: Friday, July 29, 2011 3:23 AM by Jason Clark
Recently, I was speaking with a CSO of a major corporation and the topic of how much money is made with cybercrime came up. Now, many of us talk about the proliferation of easily monetizable cybercrime, but because it is an invisible enemy, some people...   Read more >
InfoSecurity Magazine: United Nations domain attacked by black hat SEO
Posted: Tuesday, June 7, 2011 12:41 AM by Talia James

InfoSecurity Magazine recently published an article on the discovery of SEO poisoning on a web domain owned by the United Nations. The source of the discovery? Websense®Security Researcher Amon Sanniez. Sanniez blogged about the black hat SEO attack on May 27 – he highlighted that the sub-domain under attack was the Sustainable Energy Finance Initiative site of the United Nations. The domain appeared to be compromised by a number of medical spam-related URLs, most of which are compromised sites themselves. Branded drug names such as ‘Viagra’ and ‘Levitra’ were embedded in the code to help result in higher search engine ranking - a classic SEO poisoning tactic.. While most mainstream search engines like Google are aware of these tricks, Sanniez argues that some attacks do slip through the cracks.

"Like most black hat SEO attacks on compromised sites, the site tends to look perfectly fine, and there is no indication that the site has been compromised” –Amon Sanniez, Associate Security Researcher

Why is this significant? Remember the statistic from the Websense Security Labs™2010 Threat Report, which reports that almost 80% of cybercrime scams are on compromised legitimate web servers. Attacks are growing more and more advanced every day – and it’s getting harder for simple security software to detect them. Find out how to prevent the possibility of your organization falling victim to these attacks here.  


...   Read more >
The Next Hotbed of Cybercrime Activity is... Canada?!?
Posted: Monday, May 9, 2011 4:37 AM by Patrik Runald
Cybercriminals are on the move again. And, this time, Canada is the prime target. IP addresses in China and Eastern Europe are highly scrutinized and undergoing intense evaluation. So hackers are on a quest to move their networks to countries, like Canada...   Read more >
Osama photos; Scam me once... but what happens next?
Posted: Thursday, May 5, 2011 4:31 PM by Spencer Parker
Since President Obama announced the events in Pakistan over the past weekend, Websense has been monitoring a large wave of scams and malicious content surrounding the death of Osama bin Laden . Today the US Government has confirmed it will not be releasing...   Read more >
BBC News: Global spam e-mail levels suddenly fall
Posted: Thursday, January 6, 2011 6:03 PM by Carl Leonard

This morning I spoke with the BBC News to discuss possible explanations about why spam levels appear to be falling in recent months. Are spammers re-grouping? Are they simply moving from targeting email to social media? Click here to read the full BBC News article.

In 2010, Websense Security Labs found that 89.9% of all unwanted emails contained links to spam sites or malicious websites —an increase of 4% over 2009. However, there have been signs that spammers are turning to alternative methods other than e-mail for distributing their messages - such as Facebook and Twitter. As long as spammers can generate a profit from their activities, email spam isn’t going away, and will continue to be spread to other profitable areas, including social media. Check out our recent Threat Report, for more details.

It’s important that individuals, organizations, and celebrities protect their Facebook page and blogs from spam and malicious content. Free for individuals, our Defensio product helps brands protect their reputation and maintain their fans’ trust, by analyzing, classifying and removing unsavory user-generated content (whether it is malicious, spam, or even profanity).

Have any questions/comments? Let me know...

...   Read more >
More News & Views...