Websense security Labs


  • 7/29/2019 Websense security Labs

    1/13

    Websense Security Labs: State of Internet Security, Q1-Q2, 2008


    W s L h p-pdg W thsk nwk dv, l-

    d m gll i h d d. g h wld i HGd, h

    m hdd hlg ldg hl, hp, p m, mh

    lg d dvd gd mpg m p hgh m h ll p

    dl, hg h. ev h, m h 40 mll W ml

    d d l mll ml wd d ml d. ug m h 50mll l-m d llg m, h W thsk nwk m d l

    W, mgg, d d pvdg W wh pllld vl h

    h i d ml.

    th p mmz h g dg W h g h thsk n-

    wk dg h x-mh pd dg J, 2008.

    1 Source: Alexa (www.alexa.com) data on Web traffic for top 100 Web sites


    Websense ThreatSeeker Network Research Highlights, Q1 Q2 2008

    Web Security

    75 p W wh ml d lgm h hv mp-

    md. th p lm 50 p v h pv x-mh pd.

    60 p h p 100 m ppl W hv h hd vlvd

    ml v h hl 2008.

    12 p W d wh ml d w d g W mlw x-

    pl k, d 33 p Dm 2007. W h lv

    h d m d k lhg m mzd k vd

    g d m.

    Messaging Security

    87 p ml mg pm. th pg m h m h d hl

    2007.

    76.5 p ll ml l d lk pm d/ ml W

    . th p 18 p v h pv x-mh pd.

    85 p wd (pm ml) ml lk.

    Pgph-ld pm dd m h 70 p d lg h m

    ppl p pm. shppg (20 p), cm (19 p), d Mdl (11 p-

    ) p h mj d pm.

    9 p pm mg phhg k, pg 47 p v

    h l x mh.

    Data Security

    29 p ml W k ldd d-lg d.

    46 p d-lg k dd v h W.


    Wh d-lg W d ml k h , W s L kg wh d

    g .

    Of the 46.37 percent of malware that connects via the Web:

    57.3 p mlw ud s am

    6.19 p mlw ch

    5.5 p mlw cd

    4.27 p mlw r

    4.11 p mlw bzl

    22.63 p mlw h

    Cybercriminals Increase Attacks on Web Sites with Good Reputations

    Dg h hl 2008, h vlm lgm W mpmd wh ml d -

    d p h m d k pll ml pp. i h

    hl 2008 more than 75 percent of the Web sites Websense classified as malicious were actually

    sites with seemingly good reputations that had been compromised by attackers. th p 50 p v h l x mh.

    The Webscape Demonstrates Web 2.0 Sites Are a Fresh Target

    W s L l h Wp gl . th p 100 m vd

    W pp d ld sl nwkg sh h h g. th

    x 10,000 m vd pml v d w d, dw h lg l h

    i, W h m gl d g-d. th gwg l d h Wp

    mpd pl lk lg, mll , d W pll p d

    d . eh h Wp h w q hllg, h p 100 W

    pp h mp h lg m v gwg g k. rh

    hw h k h h W 2.0 lm h vlvg W-

    p, mg h dpv l d dm g w qd

    p d h m. blw gph h W vw h Wp:


    The top 100 most visited Web sites:

    rp h mj ll W pg vw, d h m ppl g k. Wh

    h lg , gd p d pp W 2.0 ppl, h pvd

    ml d h wh d pp.

    W s L dd h 90 p h p 100 gzd sl

    nwkg sh.

    M h 45 p h pp -gd .

    60 p h h hd ml d mkd d l

    pg vm m lgm ml . i m h d pp

    h l W , wh h vd h pg g hd lwh.

    Security Trends

    Tarnished Reputations

    cg h d dd W 2007, k d k dvg w

    dl m d p p-d m k v.

    In April of 2008, Websense Security Labs discovered massive attacks that compromised hundreds of

    thousands of legitimate Web sites with good reputations worldwide wh d-lg ml d.

    th k ldd m Msnbc, ZDn, Wd, h ud n, lg uK gvm ,

    d m. i h k, wh w pd h hd mpmd ,

    ll d m HtML g dd ml wh xpl. a l, ml-

    d, dgd l dl m, w lhd vll mh.

    i dd W xpl, ml pmm l kg dvg h

    p ppl ml v lk yh! d Gml p pm

    m. During the first half of 2008, Websense Security Labs found spammers

    using sophisticated tools and bots to break the CAPTCHA - systems that were

    developed to keep email and other services safe from spammers and other malicious

    activity. M Lv Ml, Ggl ppl Gml v d yh!

    ml v w ll mpmd h khgh mhd. sql,

    pmm hv l g p h ml m

    d d pm m ml wh gd p. Wh g-

    p p, wd pl v d dm h lkl

    lkld gv h p, pmm hv l lh k

    mll wldwd whl mg m.

    Attackers Are Changing the Game with Web 2.0

    a m gz d h mpl dpg W 2.0 hlg lgm

    , gv pvlg h dl dg W pldg lpll

    g m m gz lk h dq hlg d p-

    l W 2.0 . th W 2.0 ppl h llwd hk g

    d g mh-p, dd d j, d h pvdg h lvl

    mplx gz d h w pv d l d ml k.

    Websense has found that the content of a single Web page may be comprised from multiple locations, including a variety of disparate sources. th dg h pll h h

    vwg m h urL h dd , h l . th urL lg -

    p h m h W pg. a h, gz h l h

    mpl vw W 2.0 hlg lk Ggl W pl l wkg , wk, d

    lg, d l-m W p p h mpl d h l m.


    2 CAPTCHA Definition: Completely Automated Public Turing test to tell Computers and Humans Apart


    Mlw mqdg W d pvd ppl m hk

    d ml hgh-pl dg h hl h .

    W s L dd vl wh ml

    hgh-f, hgh-p h Msp, ex.m, yh! Ml

    d Pl.m h xplg lg d. Msp -

    kwgl h phd mlw pg .Wh ex.m, k d h v xpl h h

    h pld wh h W . tg dd lz h h x-

    l h w dwldg m m mddd, ml , d

    m ex.m. av vd ld d m h k.

    The Web Remains the Number One Attack Vector

    a i , h W k v gw. W v gl m-

    pmd hgh p - pg (Xss) d sQL j wll Dns h pg

    k. i J 2008, W s L vd p h h fl W icann

    d iana Dm w hjkd tkh gp lld nDvlz g Dns h pg.

    ov h l x mh, W s L h kd hk g lk h W

    vll sQL j k. ak g h wh h hgh pl d g p-

    , mxmz h m v h h mpmd. i dd, l-d

    h hv d wh ppl W 2.0 mp h k s ch ppl-

    , whh ll d-vg w, wll ml-md ppl h xpl h

    Qkm d lh. blw h p W k v v h l x mh.


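    Top 10 Web Attack Vectors in 1st Half of 2008:

    1. Browser vulnerabilities

    2. Adobe Flash vulnerabilities

    3. ActiveX vulnerabilities

    4. SQL injection

    5. Adobe Acrobat Reader vulnerabilities

    6. Content management systems (CMS) vulnerabilities

    7. Apple QuickTime vulnerabilities

    8. Malicious Web 2.0 components (e.g. Facebook applications, third-party widgets/gadgets, d )

    9. RealPlayer vulnerabilities

    10. DNS cache poisoning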


    Metrics

    W s L k h llwg m d dl W d ml-d -

    k g d d .

    Top Countries Hosting Phishing Sites (Jan 08 - Jun 08)

    th p gph lw dm h p h , mh, wh h hgh m phhg k.

    Phhg k hv dg dw v h l x mh; h h m x

    mh g.


    Top Countries Hosting Crimeware (Jan 08 - June 08)

    th p gph lw dm h p 3 mh hg mw, l mlw

    dgd pll m l m. ov h l x mh, h mj mlw w

    hd h ud s d ch.


    Blended Threats

    th vg W d ml h ldd h . W

    s L p h w m h 76.5 p ll ml l dg h pd -

    d lk pm d/ ml W . th p l 18 p

    Dm 2007.

    exmpl ldd h h Storm attacks. th sm k h hv lhd m

    h m pl k h l w . sm p xmpl ldd h h

    mlpl k v ldg DDs, W, P--P (P2P), p, d mlw d-

    . W s L h g h sm wm l 2007 wh h wv

    h sm wm pd h wld. av vd hv ggld kp p wh h wdpd

    k. sm l pd h, mpl ml, g h vm lk pd lk d

    dwld ml l. L g m hld lk h h Jl, l d lk hhqk ch d m l, ppl v lk h olmp. th gd pm m-

    pg p lg pl h i h. sm dvd

    plmphm ( l hgg ) mk dfl dl hlg

    d.

    From Discovery to Patch: Window of Vulnerability

    W pplm dd v d wll kg h m-

    d d pvd p wh m dv ph d g

    vll. th h lw hw h wdw xp w h d W

    thsk nwk d h l h ph v w pvd. th d lw

    p h m k h v vd plh g h ml h W- dd.


    ov h l x mh, h gll m mg g v lw mp h

    m mg ld pm. Hwv, h v v dl g, pg

    500 p Dm 2007. th pg ml mg ggd pm

    m 87 p wh z-p hg v h l x mh.


    Spam Types

    i h p x mh W s L h pmm mv w m dg pm

    hgh hm, pg d d urL pm-hg d d . ad-

    dll, W d a reduction in image spam from 32 percent in December of 2007 to 18

    percent in June 2008.


    ov h l x-mh, h vlm pgph pm, dd m h 70 p whl

    hppg d lm 80 p. th h wp m ld h h pm-

    m gg m phd. th g l wkg l m h

    vm d g gd mpg h k v . th h m ppl

    p pm w hppg (20 p), m (19 p) d mdl (11 p.) a

    hw h lw, W s L l pm h llwg 15 g:


    Websense Security Labs Firsts

    th llwg l hghlgh w h mj k ll dd W s L

    dg h hl 2008.

    Spammers streamline anti-CAPTCHA operations on Microsoft Windows Live Mail and Gmail

    Attack Date: 02/06/08

    Attack Details:

    W s L, wh thsk nwk, dvd h Wdw Lv Ml ,

    W ml v m M, w g gd pmm g w phdhq hd Wdw Lv ml dd kg h caPtcHa p

    dgd pv h dl . ug wk, pmm lhd

    h g pg h M-wd ml v d w l p

    h caPtcHa qm 35 p h m. ml v m M, yh! d

    Ggl l lkd -pm l, mkg m h v hghl pl

    d vld pmm. i dd, W s L dvd h Ggl ppl W

    ml v, Gml, w g gd spmm h pl gg p d

    g dm Gml pp. W h lv h h m

    gp vlvd kg h M Wdw Lv Ml caPtcHa k wll h Gml

    caPtcHa k.

    Websense Security Labs researchers believe there are four main advantages to this approach:

    sgg p wh Ggl M llw wd pl v.

    Ggl M dm lkl lkld -pm l.

    th v .

    i dfl d llgm mll wldwd g v Ggl

    v gl . th pvd pmm wh l m, mkg hd

    d d k h .


    Economic Stimulus Phish

    Attack Date: 05/16/2008 Threat

    Attack Details:

    eg p h il rv sv m-ml hk w k m h

    h gd wh phhg hm. W s L wh thsk nwk d-vd phhg k h md l x-p v m, dd h em

    sml Phh. th k ml pl vm h pvdd qk xpl

    h m-ml pkg d gd hm g p d dp lkg

    lk M 17. i wd h h p dd pd m, h d wld dld.

    u h pgl lkd h tx rd ol m w kd pl m

    h h m, dd, d d, atM p m, k m, d l m.

    Websense first to discover and protect against Microsoft Excel vulnerability

    Published March, 2008 (Identified in November 2007)

    Vulnerability Details:

    W s L wh thsk nwk dvd -phd, hgh-k vll

    (c# Ms08-014) M exl nvm 2007. M gzd W h d

    Mh 2008 wh ph w d. th vll llwd d x wh exl d-

    m wh h kwldg h . W vgll wh xpl h vll p gz d h l m m h. W wll m-

    ll lk ml d gz mp.


    A Look Forward & Summary

    Dg h hl 2008 pdd, h m mpmd W d gw d

    p h m d ml . W h xp h d

    hk m m phd d lvg h gd p W

    vd dl m.

    W h lv gz hld pp g hllg dg h

    d hl 2008 d g mg h h p mph m gd-

    g g d k h lvl mdl d pm d d h

    i mpl gdg l m g ldd h d

    dl ml l, wh W 2.0 d h i plm.

    Hk wll g v d lvg -d d W 2.0 ppl -

    v gg gz. rh xp k pl

    k gg p gp ppl d d pl. Wh

    pm d lk k w , w v md, W mdl, pg d l -

    wk, gz wll d h W, mgg d d pgm dq

    plg h hl d h w v hk xpl pd ml d l g.

    t k mg kp p wh h h lm, p m hk h pph

    W, mgg, d d . id hkg hlg, gz m hk

    d. Hw d? Wh g ? Wh d wh ? Wh v ? Whh

    hl l d ?

    a l-d pph -ml d W lg wll pvd h p g

    ldd h. ogz hld mv wd mphv d h

    ld l W d mgg , l d pv m l

    ll hl.

    th d- vw m h, h h vg p l wh lmd vg, -

    p wll mh d hlg, mm hl, d ppl d

    pg d. th g h d d h ql p. M

    h j pv m, h g pvd ppp p, llw h

    x dd lgm d dp p. b pg v d,h l m h , gz h m d dd h i

    plm.

    th m d pd d wh h p d l k

    d, ml hq d h llg ghd h wh W th-

    sk nwk, W Hd W s d W Hd eml s.


    About Websense

    W, i. (nasDaQ: Wbsn), gll ld gd W, mgg d d p

    hlg, pvd el im P m h 42 mll mpl m

    h 50,000 gz wldwd. Dd hgh gll wk hl p, W-

    w d hd l hlp gz lk ml d pv h l dl m d i d pl.

    Websense Security Labs

    W s L h h m W, i. h dv, vg d

    p dvd i h. ulk h h l, W h pllld kwl-

    dg mlw d wh d h W. th llw W d d lk w h

    h dl h mhd m, lg gz p v m

    h, mpm, ppp . rgzd wld ld h, W

    s L plh dg hdd p, vd d h gz

    d h wld d pvd m h a-Phhg Wkg Gp.

    Websense Security Labs a Pioneer in Emerging Threat Protection

    upllld vl d dv mv l

    rl-m dpv l pd d d h W 2.0 wld

    Pwd d wld-l h m

    M dv, ldg h phd, hgh-k M exl vll

    (Mh 2008)

    mk wh phhg p

    mk wh dv- d khl pw p

    mk wh wk p

    mk wh mw/klgg p

    Security Alerts

    rg wh W s L v ree wg ml i

    v, ldg pw, pm, phhg, phmg, d pd W .

    hp://www.W.m/l/l/

    Blog Highlights

    th W s L blg dlv h m m d kg w -

    h p d d dvd i h. W s L vg d

    plh m k, w h, d h lv W p p

    gz m gl dg i h. m m, hk lg:

    hp://www.w.m/l/lg