informa
/
News

Websense Unveils Report

Report reveals increase in malicious sites using code from easy-to-use toolkits designed for criminals with no hacking experience

SAN DIEGO -- Websense, Inc. (NASDAQ: WBSN), a global leader in web security and web filtering productivity software, today announced the release of the WebsenseR Security LabsT 2006 Semi-Annual Web Security Trends Report, which summarizes findings for the first half of 2006 and presents projections for the remainder of 2006. The report shows that the volume of attacks increased and malicious code became more covert, less recognizable and more targeted toward financial gain.

Not only has malicious code become more sophisticated, but the infrastructure supporting its creation and spread has also become more complex. Of the sites designed to steal credentials, almost 15 percent are derived from toolkits, an emerging tactic from the hacker community. These kits, made by professional malicious code writers, are often for sale on the internet and allow non-sophisticated users to launch sophisticated attacks against operating system exploits and vulnerabilities.

The criminal motive of attacks has also become more apparent as traditional hacking for fun has been replaced with activities designed to steal confidential data to reap financial rewards. The report notes a 100 percent increase in sites designed to install keyloggers, screen scrapers and other forms of crimeware. Conversely, Websense has seen more than a 60 percent drop in websites designed merely to change user preferences, such as browser settings.

In the first half of 2006, Websense successfully identified and mitigated several new high-profile exploits and widespread web attacks including the continued assault on the Microsoft Windows Metafile (WMF) vulnerability and the Internet Explorer "zero-day" create text vulnerability.

"Websense Security Labs continues to be on the forefront of discovering advanced web-based attacks and techniques. The growth of toolkits is allowing criminals, who may not be versed in writing malicious code, the ability to launch highly sophisticated attacks with minimal effort or expertise," said Dan Hubbard, vice president of security research for Websense. "In addition to protecting against web-based threats such as keyloggers or spyware, Websense profiles these attacker toolkits to proactively protect organizations from these kits before a wave of attacks is triggered."

Websense Inc. (Nasdaq: WBSN)

Recommended Reading: