Thursday, September 17, 2009

Web Security - A Report by Websense for first half of 2009


ShareThis
WebSense (websense.com) is a leading web security research company.
They have released report of web-security for the first 2 quarters of year 2009.
Its worth reading. Here is the summary:

Web Security
• Websense Security Labs identified a 233 percent growth in the number of malicious Web sites in the last six months
and a 671 percent growth during the last year.
• 77 percent of Web sites with malicious code are legitimate sites that have been compromised. This remains
unchanged from the last six-month period.
• 61 percent of the top 100 sites either hosted malicious content or contained a masked redirect to lure unsuspecting
victims from legitimate sites to malicious sites.
• 95 percent of user-generated comments to blogs, chat rooms and message boards are spam or malicious.
• 50 percent of Web pages linked to Web sites categorized as “Sex” also served malicious content.
• 69 percent of all Web pages with any objectionable content (e.g. Sex, Adult Content, Gambling, Drugs) also had at
least one malicious link.
• 78 percent of new Web pages discovered in the first half of 2009 with any objectionable content had at least one
malicious link.

Email Security
• 87.7 percent of email messages were spam. This represents a three percent increase over the last six months.
• 85.6 percent of all unwanted emails in circulation during this period contained links to spam sites and/or malicious
Web sites.
• Shopping remained the leading topic of spam (28 percent), followed closely by cosmetics (18.4 percent), medical
(11.9 percent) and education (9.5 percent). Education themed spam has nearly doubled over the previous period
and may be related to the recession as spammers seek to exploit people looking to gain new skills or obtain fake
qualifications to help their job prospects.

Data Security
• 37 percent of malicious Web/HTTP attacks included data-stealing code. This remains unchanged from the last
six-month period.
• 57 percent of data-stealing attacks are conducted over the Web. This number has stayed consistent over the
six-month period.

Read more here:




Few interesting facts:

More than 47 percent of the top 100 sites support user-generated content.
• Not surprisingly, sites that allow user-generated content comprise the majority of the top 50 most
active distributors of malicious content. Blog hosting sites that offer free hosting and good reputations
provide malware authors with the perfect combination to compromise unsuspecting users.
• 61 percent of the top 100 sites either hosted malicious content or contained a masked redirect to
lure unsuspecting victims from legitimate sites to malicious sites. In many cases these redirects
appeared as the actual Web site, when in fact the content served on that page was being hosted
elsewhere.
• Websense Defensio technology enabled Websense Security Labs to identify a significant and
alarming trend regarding the ease with which Web 2.0 sites can be compromised: 95 percent
of user generated comments


0 comments: