Great Reviews!Need help setting up your website, installing Apache, PHP, MySQL, or RavenNuke(tm)?Need help customizing or designing scripts?Please contact us via the Contact Us option for further details and pricing.
Websense Security Lab™ ThreatSeeker™ Network has discovered that search terms related to Corey Haim have become the latest target for Blackhat SEO
Corey Haim, 1980s teen idol actor and a star of such famous movies as "The Lost Boys" and "License to Drive", was found dead in his Los Angeles apartment at the age of only 38 on Wednesday.
Whether it's a natural disaster or a death, Blackhats monitor and adapt to popular search trends. Not long after the sad news emerged, the search phrase "Corey Haim" became one of the hottest topics in Google trends.
Cybercriminals again jump at a chance to spread their rogue AVs. When users enter keywords such as "Corey Haim death" in Google, some of the results will lead them to download fake security software. The downloading FakeAV file has only 17% coverage from antivirus products.
Websense Messaging and Websense Web Security customers are protected against this attack.
Posted by Raven on Thursday, March 11, 2010 @ 22:50:41 EST (18 reads) ( | Score: 0)
Bloom Box Black SEO
Websense Security Labs(TM) ThreatSeeker(TM) Network has detected that search terms related to the Bloom Energy and its Bloombox Fuel Cell have become the latest target for Blackhat SEO poisoning attacks.
Bloom Box is a breakthrough technology in the energy sector that could revolutionize the way electricity is generated today. As people become interested in finding more information on this technology, related search terms are currently gaining momentum, and as they do so Blackhat SEO attacks are starting to climb up the search result listings.
At the moment, according to the VirusTotal report only 10% of antivirus products are detecting the threat.
Websense® Messaging and Websense Web Security customers are protected against this attack.
Posted by Raven on Monday, February 22, 2010 @ 21:18:45 EST (106 reads) ( | Score: 0)
Spammers already using Google Buzz
"With all the buzz this week about Google Buzz, we were just waiting for malicious activity to show up on the newly launched service. We didn't quite expect it to happen this fast. Today we saw the first spam using Google Buzz to spread a message about smoking.
The spammer is already following 237 people, and we can only imagine that he or she has sent similar messages to all of them. This particular message leads to a site hosted on a free Web hosting service talking about how to quit smoking.
When Twitter was launched, it took a while before it was used to send spam and other malicious messages. In this case,
Posted by Raven on Thursday, February 11, 2010 @ 18:58:18 EST (193 reads) (Read More... | 1423 bytes more | Score: 0)
Malicious Google Job Application Response
Websense Security Labs(tm) ThreatSeeker(tm) Network has discovered a new malicious spam campaign that spoofs Google job application responses. The messages look very well written and are so believable that they are probably scrapes from actual Google job application responses. Typically, spam has grammatical errors or spelling mistakes that make the messages obviously unofficial and act as red flags. The text of these messages, however, has no such mistakes, making them much more believable--especially if the target really has applied for a job with Google.
The From: address is even spoofed to fool victims into believing the message was sent by Google. The messages have an attached file called CV-20100120-112.zip that contains a malicious payload. This is where the message gets suspicious, because the contents of the .zip file have a double extension ending with .exe. The attackers attempt to hide the .exe extension by preceding it with .html or .pdf, followed by a number of spaces and then the .exe extension. The .exe file (SHA1:80366cde71b84606ce8ecf62b5bd2e459c54942e) has little AV coverage at the moment.
Posted by Raven on Monday, February 01, 2010 @ 15:53:53 EST (206 reads) ( | Score: 0)
Oklahoma Tax Commission Site Compromised
Websense Security Labs(TM) ThreatSeeker(TM) Network has discovered that the home page of the Oklahoma Tax Commission Web site has been compromised with malicious script code. The heavily obfuscated code has been injected at the bottom of the page.
The injected script code goes through a series of deobfuscation techniques that ultimately take the victim computer to an attack Web site without the victim's consent or knowledge.
At the time of this posting, the attack Web site is down, but it could come back up at anytime to carry out attacks against visitors to the Oklahoma Tax Commission home page.
Websense Messaging and Websense Web Security customers are protected against this attack.
Posted by Raven on Saturday, January 30, 2010 @ 00:21:26 EST (231 reads) ( | Score: 0)
Security Alert: Ice Skating Car Video Black Hat SEO
Websense Security Labs(TM) ThreatSeeker(TM) Network has discovered that a popular video called "Paignton Ice Skating for Cars" has been targeted by both SEO poisoning attacks as well as Web spam.
As a wave of icy weather is currently hitting large parts of Europe, the video has proved to be very popular, with currently more than 850,000 hits on Yahoo Video. A different uploaded version on YouTube has had more than 1 million views so far. Criminals have used the video's popularity as an opportunity to spread rogue anti-virus programs by poisoning the search results of major search engines. When the term "ice skating car" is searched via Google, nearly half of the search results on the first page redirect the user to rogue anti-virus sites. Clicking any of those links takes the user to a Web site with the message: "Your PC is at risk of virus and malware attack." That's an old trick used to lure unsuspecting users to download a fake anti-virus installer.
The black search results in Google redirect the user through several sites, most of which are hosted in Russia, before finally landing in the rogue anti-virus site. The criminals often change the second site in the redirection chain in order to make it harder to detect. The file has a relatively low AV detection rate.
Websense® Messaging and Websense Web Security customers are protected against this attack.
Posted by Raven on Monday, January 11, 2010 @ 20:40:54 EST (329 reads) ( | Score: 0)
Office.Microsoft.Com Search Results Can Lead To Rogue Anti-Virus
Websense Security Labs™ ThreatSeeker™ Network has detected that search results on office.microsoft.com can lead users to a Rogue AV page.
Users looking for information related to help with Office products on Microsoft’s own site are being targeted. Users may be unaware that, when they type in search queries on the site, Microsoft scours its own Web site for results, but also pulls in results from the broader Web. Because the URL for the search results begins with http://office.microsoft.com, this is particularly troubling for users who trust sites simply because of their reputation.
Posted by Raven on Friday, January 08, 2010 @ 16:15:01 EST (375 reads) ( | Score: 0)
Security Alert: Fox Sports Web Site Compromised
Websense Security Labs(TM) ThreatSeeker(TM) Network has detected that the Fox Sports site has been compromised and injected with malicious code. Fox Sports is a division of the Fox Broadcasting Company. It specializes in the latest sports news and world sports updates. Fox Sports has an Alexa ranking of 330.
Our research shows that the site has been injected with two pieces of malicious code. One of them is the latest Gumblar campaign, and the other redirects individuals to a malicious Web site, whose link was unreachable at the time of this alert.
The ThreatSeeker Network has detected that thousands of Web sites have been compromised by the latest Gumblar campaign. The Gumblar page is highly obfuscated. After deobfuscation, the page uses PDF and Flash exploits to run malware in order to control a victim's computer. In addition, a piece of VBScript is executed to download malware.
Websense Messaging and Websense Web Security customers are protected against this attack.
Posted by Raven on Thursday, December 31, 2009 @ 10:27:31 EST (312 reads) ( | Score: 0)
Security Alert: Brittany Murphys Death SEO Poisoning
Websense Security Labs(TM) ThreatSeeker(TM) Network has discovered that Google top searches on "Brittany Murphy death" will return rogue AV Web sites. Users will be redirected to malicious domains if they click the matches with a referrer from search engines like Google. The malicious domains try everything to convince people that they are real AV software Web sites, so that users download and execute the fake software offered.
To view the details of this alert Click here
Posted by Raven on Monday, December 21, 2009 @ 17:52:36 EST (441 reads) ( | Score: 0)
The Koobface Web site offers a video posted by 'SantA'. The usual ruse of requiring a codec to watch the video is used, to encourage the user to install and run a file called setup.exe (SHA1:a2046fc88ab82abec89e150b915ab4b332af924a). This file is currently detected by 16 out of 41 antivirus products according to VirusTotal.
To view the details of this alert Click here
Posted by Raven on Monday, November 30, 2009 @ 12:39:27 EST (531 reads) ( | Score: 0)
![[Valid RSS]](http://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
:: 
::
