Websense® Security Labs™ Issues Second Half 2005 Semi-Annual Security Trends Report
Websense, Inc., a global leader in web security and web filtering productivity software, today announced the release of the 2005 Semi-Annual Web Security Trends Report issued by Websense® Security Labs™. The new report summarizes findings for the second half of 2005 and presents projections for the upcoming year. In the second half of 2005, Websense Security Labs was successful in identifying and mitigating several new high-profile exploits, including being the first to discover the Microsoft Windows Metafile (WMF) vulnerability being exploited in the wild and also uncovering websites hosting code attacking the vulnerability within the Sony BMG Music Entertainment copy protection uninstall program.
Websense Security Labs was introduced in August 2004 with the primary objective of discovering and investigating today’s advanced internet threats, and then publishing those findings to the security community and customers. Websense Security Labs research delivers precise depictions of current web outbreaks as well as insight into new malicious threats before attacks are launched. Utilizing a worldwide network of computers, data mining processes, customer feedback loops, and malicious code categorization expertise, Websense Security Labs proactively discovers and immediately defends customers against web-based threats. As new threats are discovered, Websense web security software quickly protects an organization’s network infrastructure and employees via real-time security updates of malicious URLs and applications.
According to the report, the web continued to evolve and grow as an attack vector in the second half of 2005. The report found that the trend of bot-led denial-of-service attacks increased at an alarming rate. In these attacks, hundreds of thousands of computers infected with an unauthorized software agent are directed by a centralized control channel to carry out attacks. In addition, cyber-extortion attacks, in which money is requested from users to fix a problem created by the cyber-criminal, continue to rise.
“Websense Security Labs utilizes a unique and sophisticated process to scan over 75 million websites per day, looking for malicious attacks against the end-user and enterprise. With our extensive malicious code detection and classification expertise, we continue to be on the forefront of discovering advanced attacks and techniques,” said Dan Hubbard, senior director of security and technology research for Websense, Inc. “As Websense Security Labs discovers new high-level security threats, we utilize these findings to provide rapid web security protection to our customers by eliminating the threat entirely.â€
Major Discoveries by Websense Security Labs during the second half of 2005
November 16, 2005 – Websense Security Labs was the first to discover websites hosting code attacking the vulnerability in the Sony BMG Music Entertainment copy protection uninstall program. The code on these websites allowed hackers to obtain remote access into users’ machines simply by visiting a website.
December 2, 2005 – Websense Security Labs was the first to discover exploits that were using a zero-day Internet Explorer vulnerability. The Windows object exploit allowed successful downloading and launching of malicious code without user-intervention.
December 14, 2005 -Websense Security Labs was the first to discover the Microsoft Windows Metafile (WMF) vulnerability and an associated active exploit. The exploit enabled attackers to download and launch additional software on vulnerable Windows clients, including keyloggers, crimeware, bots, and Trojan horse malicious code.
Additional Highlights from the Second Half 2005 Security Trends Report
The motives for creating malicious websites continued to trend away from annoyances, such as changing default homepages, to increasingly malicious purposes, such as changing browser address bars to redirect users to fake banking, commerce and other sites.
Browser and operating system vulnerabilities were exploited more frequently by spyware, crimeware, phishing, and keylogger installations.
There was a shift towards profiting from current events, in particular, donation scams for natural disasters. Prime examples were sites purporting to collect donations for tsunami or Hurricane Katrina victims.
Phishing attacks continued to target and exploit non-financial organizations as well as banks.
Spear phishing, attacks that use stolen inside information to convince victims that the approach is legitimate, was on the rise as a technique used to dupe increasingly sophisticated consumers into taking the lure.
To view the report in its entirety please visit: http://www.websensesecuritylabs.com/docs/WebsenseSecurityLabs20052H_Report.pdf.
Related Posts:Posted on 03/3/06 4:01 AM
Be the first to comment!
Leave a Reply
Search for hosts
SYNDICATION
-
NEW! Blog Feed:
- 07/18/2006 Hosting Industry News Briefing
July 18, 2006 - 07/17/2006 Hosting Industry News Briefing
July 17, 2006 - 07/14/2006 Hosting Industry News Briefing
July 13, 2006
Reviews Feed:
News Feed:
Resources Feed: