Blogs

Spammers Abusing Google’s Web 2.0 services

10.03.08 - 09:43 PM
Web 2.0 aims to enhance user creativity, information sharing, collaboration and functionality of the Web. These features enable social networking, video sharing, blogs, Web publishing, plus other popular methods of information and content creation, editing, sharing and distribution. This power is being abused by spammers and malware authors to carry out various attacks, which pose a threat to Web 2.0 functionality.
Read more »

This Month in the Threat Webscape

10.03.08 - 09:30 PM
September showed us that highly visible sites like BusinessWeek.com and BillOreilly.com are not immune to serious web attacks. BusinessWeek.com learned the hard way that they can unknowingly serve up exploits to themselves and their visitors. Other highly visible sites, like The New York Times, are also vulnerable. While Microsoft works determinedly to patch vulnerabilities that can be exploited over the web, the Web Application Security Consortium reports that 97% of sites it studied continue to have significant vulnerabilities. What's more, results reported in various studies released this month indicate that most people can't tell good sites from bad, and even the aware and informed fall prey.
Read more »

The Ultimate Deobfuscator

10.03.08 - 09:05 PM
I gave a talk last weekend on JavaScript deobfuscation, and I promised the crowd a follow-up blog and code to be released, so here it is. Basically the presentation was another solution, other than creating a Browser simulator, to deobfuscate JavaScript. Below is an example of obfuscated malicious Web content.
Read more »

ToorCon 2008 Recap

10.01.08 - 08:25 PM
ToorCon finished up its 10th conference in San Diego this past weekend. Both Dan Hubbard and Stephan Chenette gave their presentations on Sunday. We had a good turnout at ToorCon this year, although the late conference announcement may have contributed to a crowd size that was smaller than previous years.
Read more »

CAPTCHA Revisited: Microsoft's "Revised" CAPTCHA Busted By Spammers For Mass-Mailing Operations

09.30.08 - 03:00 AM
Spammers are once again targeting Microsoft's Hotmail (Live Hotmail) services. We have discovered that spammers, in a recent aggressive move, have managed to create automated bots that can sign up for and create random Hotmail accounts, defeating Microsoft's latest, revised CAPTCHA system. The accounts are then used to send mass-mailings.
Read more »

How Malware Expands A Phishing Network

09.26.08 - 05:10 PM
In the labs we like to go over URLs flagged as suspicious by ThreatSeeker. When we were going over those URLs last week we noticed an interesting file which came in through a spammed URL. As ThreatSeeker began quarantining the suspected messages, we decided to investigate the file that the suspected URL led to so we could see if it might be interesting in any way.
Read more »

Freezing Malware in Memory

09.25.08 - 04:45 PM
[UPDATED] Our research on malicous files often includes looking at downloader programs. These programs connect to the Internet and grab other programs (binaries) that carry out malicous attacks on the targeted machine. One problem with investigating downloader programs is that sometimes, when we want to attach a debugger to view the program's memory, it terminates itself too quickly!
Read more »

Websense Researchers presenting at a conference near you

09.24.08 - 02:15 PM
In the next two weeks, a few of us are speaking at various conferences in North America (Toorcon X and VB2008). I want to let everyone know so that hopefully, if you're interested in the work we've been doing and the blogs we've written, we can meet up to discuss them.
Read more »

WBSN True Phishing Stories - eBay Motors

09.17.08 - 01:30 PM
Websense Security Labs routinely receives stories of phishing scams. We wanted to share the story with you as online auction phishing scam are a common occurrence and we hope you can learn from this victim’s mistake. This is a true story of a victim, hooked by an online eBay scam. The scam works as a “for sale” post on eBay and usedboats.com. This is a scam where victims are hooked and reeled into making a deal with the seller and involves a storyline that is almost too good to be true.
Read more »

Wget Denied

09.15.08 - 05:56 PM
Lately we've been analyzing a lot of malicious Flash files. In a recent instance, I was investigating a situation where upon receiving a SWF linked URL in an email and clicking it, a user was automatically redirected to a spam Web site. When I used GNU's Wget utility to fetch the page, I got a "403 forbidden" response. I initially thought that either the attackers had blacklisted my location or they were being crafty and checking all HTTP header attributes.
Read more »