Archive for August, 2007

Websense® Security Labs™ has discovered that the official Web site of The Bill, a popular British TV series, has been compromised and laden with malicious JavaScript code meant to infect visitors with a Trojan horse. Fortunately, the malicious code failed to launch due to what appears to be sloppy work by the intruder. The failure occurred because the code that was placed to execute, was improperly placed on the wrong section of the Web site.

We believe that these are the same perpetrators behind three similar compromises of a UN web site, a prominent bank in India and a large industry organization Web site. Websense Security Labs discovered and reported on these incidents earlier.

At this time, the malicious code is still on the Web site. However, Websense users with Websense Web Security Suite are protected from connecting to the sites hosting the malicious payload.

Screenshot of the Web site with its HTML source:

Read The Article »

Aug

30

Malicious Web site / Malicious Code: Better Business Bureau Scam Updated

2007 | Posted in Home, Websense Security Labs | Leave a Comment »

Websense® Security Labs™ has received reports of a new variant of an email attack that was originally launched early this year. The spoofed email purports to be from the Better Business Bureau (BBB). The message claims that a complaint has been filed against the recipient’s company.

Previously, the email attack contained an attachment that the victim would need to open in order to become infected. The new variant is slightly different.

The new message uses a tactic employed by other, more-successful email attacks, such as the recent Storm worm. Instead of including an attachment in the email, the body of the email contains a link to an external Web site from which the payload is downloaded if the link is accessed. This method allows the attack to bypass many attachment filters at the email gateway. Read more

Read The Article »