Websense Security Labs™ ThreatSeeker™ Network has discovered that search terms related to Corey Haim have become the latest target for Blackhat SEO.
Corey Haim, 1980s teen idol actor and a star of such famous movies as "The Lost Boys" and "License to Drive", was found dead in his Los Angeles apartment at the age of only 38 on Wednesday.
Whether it's a natural disaster or a death, Blackhats monitor and adapt to popular search trends. Not long after the sad news emerged, the search phrase "Corey Haim" became one of the hottest topics in Google trends.
Cybercriminals have again jumped at the chance to spread their rogue AVs. When users enter keywords such as "Corey Haim death" in Google, some of the results lead them to download fake security software. The downloaded FakeAV file is detected by only 17% of antivirus products.
Websense Messaging and Websense Web Security customers are protected against this attack.
|
Websense Security Labs(TM) ThreatSeeker(TM) Network has detected that search terms related to Bloom Energy and its Bloombox Fuel Cell have become the latest target for Blackhat SEO poisoning attacks.
Bloom Box is a breakthrough technology in the energy sector that could revolutionize the way electricity is generated today. As people become interested in finding more information on this technology, related search terms are currently gaining momentum, and as they do so Blackhat SEO attacks are starting to climb up the search result listings.
At the moment, according to the VirusTotal report, only 10% of antivirus products detect the threat.
Websense® Messaging and Websense Web Security customers are protected against this attack.
|
"With all the buzz this week about Google Buzz, we were just waiting for malicious activity to show up on the newly launched service. We didn't quite expect it to happen this fast. Today we saw the first spam using Google Buzz to spread a message about smoking.
The spammer is already following 237 people, and we can only imagine that he or she has sent similar messages to all of them. This particular message leads to a site hosted on a free Web hosting service talking about how to quit smoking.
When Twitter was launched, it took a while before it was used to send spam and other malicious messages. In this case, Read More...
|
Websense Security Labs(tm) ThreatSeeker(tm) Network has discovered a new malicious spam campaign that spoofs Google job application responses. The messages look very well written and are so believable that they are probably scrapes from actual Google job application responses. Typically, spam has grammatical errors or spelling mistakes that make the messages obviously unofficial and act as red flags. The text of these messages, however, has no such mistakes, making them much more believable--especially if the target really has applied for a job with Google.
The From: address is even spoofed to fool victims into believing the message was sent by Google. The messages have an attached file called CV-20100120-112.zip that contains a malicious payload. This is where the message gets suspicious, because the contents of the .zip file have a double extension ending with .exe. The attackers attempt to hide the .exe extension by preceding it with .html or .pdf, followed by a number of spaces and then the .exe extension. The .exe file (SHA1:80366cde71b84606ce8ecf62b5bd2e459c54942e) has little AV coverage at the moment.
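A mail gateway or triage script can catch the padded double extension described above by inspecting the member names inside the attachment before anyone opens it. The following is an added example, not Websense code; the member names are constructed samples, and the decoy and executable extension sets are assumptions that go slightly beyond the `.html`/`.pdf` and `.exe` cases the alert names.

```python
import io
import re
import zipfile

# Decoy document extension, optional whitespace padding, then the real
# executable extension. Extension sets are assumptions; extend as needed.
HIDDEN_EXEC = re.compile(
    r"\.(?:html?|pdf)(?P<pad>\s*)\.(?:exe|scr)\s*$", re.IGNORECASE
)


def flag_members(zip_bytes):
    """Return [(member_name, padding_length)] for archive members whose
    name hides an executable extension behind a document extension."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            # Only the final path component decides how the file is shown.
            base = info.filename.rsplit("/", 1)[-1]
            match = HIDDEN_EXEC.search(base)
            if match:
                findings.append((info.filename, len(match.group("pad"))))
    return findings


def build_sample():
    """Build a constructed in-memory archive with benign placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("resume.pdf", b"constructed")
        archive.writestr("CV.pdf" + " " * 40 + ".exe", b"constructed")
        archive.writestr("letter.html.exe", b"constructed")
        archive.writestr("setup.exe", b"constructed")
    return buf.getvalue()


if __name__ == "__main__":
    for name, pad in flag_members(build_sample()):
        kind = "space-padded" if pad else "plain"
        print(f"{kind} double extension ({pad} spaces): {name!r}")
```

A non-zero padding length is the stronger signal, since legitimate software has no reason to pad a filename so that the real extension scrolls out of view.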
|
Websense Security Labs(TM) ThreatSeeker(TM) Network has discovered that the home page of the Oklahoma Tax Commission Web site has been compromised with malicious script code. The heavily obfuscated code has been injected at the bottom of the page.
The injected script code goes through a series of deobfuscation techniques that ultimately take the victim computer to an attack Web site without the victim's consent or knowledge.
At the time of this posting, the attack Web site is down, but it could come back up at any time to carry out attacks against visitors to the Oklahoma Tax Commission home page.
Websense Messaging and Websense Web Security customers are protected against this attack.
|
Websense Security Labs(TM) ThreatSeeker(TM) Network has discovered that a popular video called "Paignton Ice Skating for Cars" has been targeted by both SEO poisoning attacks and Web spam.
As a wave of icy weather is currently hitting large parts of Europe, the video has proved to be very popular, with currently more than 850,000 hits on Yahoo Video. A different uploaded version on YouTube has had more than 1 million views so far. Criminals have used the video's popularity as an opportunity to spread rogue anti-virus programs by poisoning the search results of major search engines. When the term "ice skating car" is searched via Google, nearly half of the search results on the first page redirect the user to rogue anti-virus sites. Clicking any of those links takes the user to a Web site with the message: "Your PC is at risk of virus and malware attack." That's an old trick used to lure unsuspecting users to download a fake anti-virus installer.
The poisoned search results in Google redirect the user through several sites, most of which are hosted in Russia, before finally landing on the rogue anti-virus site. The criminals often change the second site in the redirection chain in order to make it harder to detect. The file has a relatively low AV detection rate.
Websense® Messaging and Websense Web Security customers are protected against this attack.
|