Threatlabz

Zscaler ThreatLabZ is the global security research team for Zscaler. Leveraging an aggregate view of billions of daily web transactions from millions of users across the globe, Zscaler ThreatLabZ identifies new and emerging threats as they occur and deploys protections across the Zscaler Security Cloud in real time to protect you from advanced threats.

December 13, 2012     HTTPS Everywhere – Internet Explorer
  HTTPS Everywhere redirects users to HTTPS URLs based on a set of rules.
   
April 30, 2012     Search Engine Security – Internet Explorer
  Blackhat Search Engine Optimization (SEO) is a growing problem that search engines are failing to combat. This Chrome Extension will prevent Blackhat SEO attacks.
   
April 16, 2012     Search Engine Security – Google Chrome extension
  Blackhat Search Engine Optimization (SEO) is a growing problem that search engines are failing to combat. This Chrome Extension will prevent Blackhat SEO attacks.
   
March 19, 2012     Zscaler Safe Shopping – Internet Explorer
  The Zscaler Safe Shopping plugin is continually fed information regarding compromised and fake online stores. It warns you when you visit one of these domains. The list of domains is checked and updated regularly via Zscaler's cloud security service.
   
December 15, 2011     Google Safe Browsing v2 Lookup libraries for Perl, Python and Ruby
  Google Safe Browsing API has migrated to version 2. The new protocol is much more complex than version 1 and there are only a few libraries available for version 2. Some popular languages, like Ruby, don't have any implementation at all.
   
November 21, 2011     Zscaler Likejacking Prevention — Plug-In for Firefox, Google Chrome, Safari and Opera
  The Zscaler Likejacking Prevention plug-in keeps you safe from Facebook scams that hide widgets such as ‘Like’ buttons on third party pages, using a technique known as ‘clickjacking’.
   
August 11, 2011     Zscaler Safe Shopping – Google Safe Browsing for Safari
  The Zscaler Safe Shopping plugin is continually fed information regarding compromised and fake online stores. It warns you when you visit one of these domains. The list of domains is checked and updated regularly via Zscaler's cloud security service.
   
June 5, 2011     Zscaler Safe Shopping – Google Chrome extension
  The Zscaler Safe Shopping plugin is continually fed information regarding compromised and fake online stores. It warns you when you visit one of these domains. The list of domains is checked and updated regularly via Zscaler's cloud security service.
   
May 26, 2011     Zscaler Safe Shopping – Firefox Mobile Add-on
  The Zscaler Safe Shopping plugin is continually fed information regarding compromised and fake online stores. It warns you when you visit one of these domains. The list of domains is checked and updated regularly via Zscaler's cloud security service.
   
April 26, 2011     Search Engine Security – Firefox Mobile Add-on
  Blackhat Search Engine Optimization (SEO) is a growing problem that search engines are failing to combat. This Firefox add-on will prevent Blackhat SEO attacks by masking the source of requests to malicious pages, ensuring that the attacks are never delivered.
   
February 22, 2011     Zscaler Safe Shopping - Firefox Add-on
  The number of compromised stores, fully controlled by hackers, and fake stores is growing. This Firefox add-on warns users when they visit one of the suspect domains.
   
January 17, 2011     Google Safe Browsing v2: Implementation Notes
  A collection of notes and real-world numbers about the API. This is intended for people who want to learn more about the API, whether as a user or to make their own implementation.
   
November 5, 2010     BlackSheep - Firefox Add-on
  Firesheep allowed any user to seamlessly hijack the web session of another user on the same local network. BlackSheep, also a Firefox plugin, is designed to combat Firesheep.
   
October 26, 2010     Net::Google::SafeBrowsing2 - Perl library for Google Safe Browsing v2 API
  Net::Google::SafeBrowsing2 is the first implementation of the Google Safe Browsing v2 API for Perl.
   
October 20, 2010     Search Engine Security - Firefox Add-on
  Blackhat Search Engine Optimization (SEO) is a growing problem that search engines are failing to combat. This Firefox add-on will prevent Blackhat SEO attacks.
   
Zulu URL Risk Analyzer
Check websites for any potential hidden risks
Zulu is a dynamic risk scoring engine for web-based content. For a given URL, Zulu will retrieve the content and apply a variety of checks in three different categories: Content, URL and Host checks.
 
IPAbuseCheck
Check IP addresses that may be abusing proxies
IPAbuseCheck was designed to provide a simple web interface to query your IP addresses against a database that we have built containing IP addresses that we believe have attempted to forward abusive or unwanted traffic through one of our proxies.
Silent installation of 3rd party extensions in Firefox
Demonstration of a silent installation of an extension in Firefox (no warning from Firefox). Download the program and its code used in this presentation at http://research.zscaler.com/. More details at http://research.zscaler.com/
   
Example of Likejacking: hidden Facebook Like widgets follow the mouse
Usually, these spam websites try to get the user to click at a specific area on the page where they have hidden one or more Like buttons. On this page, the Like button is always under the mouse, throughout the page. See how spammers are using Likejacking to add a link to their page in their profile, and how the free browser extension Zscaler Likejacking Prevention can help users.
   
Facebook Like-Jacking: "Dad walks in on Daughter.. EMBARRASSING!"
One example of Facebook Like-Jacking with the "Dad walks in on Daughter.. EMBARRASSING!" video so popular on Facebook and the Internet. See how spammers hide Facebook Like buttons to get users to click on them and spread their spam virally.
   
Zscaler Safe Shopping browser extension
Zscaler Safe Shopping warns users visiting a fake online store, or a compromised store. The plugin is available for Firefox, Firefox Mobile, Google Chrome, Safari and Opera. More information at http://research.zscaler.com/ and http://www.zscaler.com/researchtools.html
   
Protect yourself against Facebook spam: Zscaler Tool for "LikeJacking" Protection
Facebook widgets, including the "Like" buttons, are often used to spread spam and propagate scams. Typically, the scammer creates a page with a fake video player. Users are tricked into clicking on Facebook Like buttons hidden behind a fake Play button. This is called Likejacking, and it's a specific form of clickjacking. I posted a YouTube video in June that explains how these Facebook widgets are disguised.
   
Black Hat Spam SEO
For some time, attackers have leveraged Search Engine Optimization (SEO) techniques in order to promote malicious web content targeting end users. Google has researched this phenomenon and recently announced that fake antivirus pages now represent 60% of the malware associated with popular search terms and these attacks continue to grow in prevalence.
   
BlackSheep, a tool to detect Firesheep
BlackSheep is a free Firefox extension to detect the use of Firesheep on the same network. More info at http://research.zscaler.com/

This video shows how BlackSheep works.
   
Fake YouTube "Hot Video" pages
A Google Search for "Hot Video" shows fake YouTube pages. These pages redirect to a fake antivirus page. The malicious executable is detected by less than 21% of the antivirus vendors.
   
Fake Flash install (no sound)
This page claims I do not have Flash installed. The animation looks like Flash is getting downloaded on my computer. The executable is actually malware detected by very few antivirus vendors (6 out of 43). A similar page exists with a fake video of Emma Watson naked: http://research.zscaler.com/2011/10/naked-emma-watson-video-used-to-spread.html
   
Malicious Fake AV page (no sound)
A malicious page shows a fake antivirus in action that supposedly found malware on the user's computer. The page would then prompt the user to download and install a free antivirus. The executable is actually malware.
   