Video | Business Headlines | Internet | Science | Scientific Ethics | Technology | Search


Malicious Code is More Covert, Less Recognisable

Websense Report Shows Malicious Code is More Covert, Less Recognisable and More Targeted Toward Financial Gain

Report reveals increase in malicious sites using code from easy-to-use toolkits designed for criminals with no hacking experience; 100% increase in websites designed to install keyloggers, screen scrapers and other forms of crimeware

Auckland, 5 October, 2006—Websense, Inc. (NASDAQ: WBSN), a global leader in web security and web filtering productivity software, today announced the release of the Websense® Security Labs™ 2006 Semi-Annual Web Security Trends Report, which summarises findings for the first half of 2006 and presents projections for the remainder of 2006. The report shows that the volume of attacks increased and malicious code became more covert, less recognisable and more targeted toward financial gain.

Not only has malicious code become more sophisticated, but the infrastructure supporting its creation and spread has also become more complex. Of the sites designed to steal credentials, almost 15% are derived from toolkits, an emerging tactic from the hacker community. These kits, made by professional malicious code writers, are often for sale on the internet and allow non-sophisticated users to launch sophisticated attacks against operating system exploits and vulnerabilities.

The criminal motive of attacks has also become more apparent as traditional hacking for fun has been replaced with activities designed to steal confidential data to reap financial rewards. The report notes a 100% increase in sites designed to install keyloggers, screen scrapers and other forms of crimeware. Conversely, Websense has seen more than a 60% drop in websites designed merely to change user preferences, such as browser settings.

In the first half of 2006, Websense successfully identified and mitigated several new high-profile exploits and widespread web attacks including the continued assault on the Microsoft Windows Metafile (WMF) vulnerability and the Internet Explorer "zero-day" create text vulnerability.

“Websense Security Labs continues to be on the forefront of discovering advanced web-based attacks and techniques. The growth of toolkits is allowing criminals, who may not be versed in writing malicious code, the ability to launch highly sophisticated attacks with minimal effort or expertise,” said Joel Camissar, country manager, New Zealand for Websense. “In addition to protecting against web-based threats such as keyloggers or spyware, Websense profiles these attacker toolkits to proactively protect organisations from these kits before a wave of attacks is triggered.”

According to the report, Websense Security Labs has seen increased exploitation of both web servers and web browser/client technologies. Automated vulnerability scanning for server and client exploits is getting more intelligent, and attackers are taking full advantage of these exploits. During the first half of 2006, 35% of all malicious websites were hosted on web servers that had been compromised.

“As new threats are discovered, Websense web security software quickly protects an organisation’s network infrastructure and employees via real-time security updates of malicious URLs and applications. This advanced level of protection closes a critical window of exposure left open by deployed security solutions such as host and network based signature anti-virus and firewalls while protecting organisations against potential attacks before they even happen,” added Camissar.

Websense Security Labs was introduced in August 2004 with the primary objective of discovering and investigating today’s advanced internet threats and publishing those findings to the security community and customers. Websense Security Labs research delivers precise depictions of current web outbreaks as well as insight into new malicious threats before attacks are launched. Using patent-pending processes and technology, including a worldwide network of computers, data mining processes, customer feedback loops and malicious code categorisation expertise, Websense Security Labs scans more than 85 million websites daily to proactively discover and immediately defend customers against web-based threats.

Additional Highlights from the First Half 2006 Security Trends Report

- Websense Security Labs has seen a 100% increase in sites designed to install keyloggers, screen scrapers and other forms of crimeware. Conversely, the organisation has seen more than a 60% drop in websites designed merely to change user preferences, such as browser settings.

- Websense Security Labs saw a significant increase in the number of phishing targets. In fact, as many as 8–10 new targets are being discovered every day. The Labs also notes that phishing toolkits are now being used to enable easy phishing. For example, one fraudulent website may target as many as 50 different banks under individual subdirectories.

- During the first six months of 2006, Websense Security Labs saw more cases – and more sophisticated use – of cyber-extortion. This form of cyber-extortion allows malicious hackers to keep data hostage on an end-users machine while demanding a monetary sum to unlock the data. Along with the higher numbers, the Labs noted better encryption, making it harder to recover the data and to reverse engineer and develop effective countermeasures.

- Websense Security Labs discovered more botnets (collections of compromised machines) using peer-to-peer (P2P) technologies to gain control, making it more difficult to disable them. The use of the web to control botnets has also increased; allowing botnet owners to more easily control the machines via a web page.

Major Findings by Websense Security Labs during the first half of 2006
- January 5, 2006 - Websense Security Labs was the first to discover more than 1,100 URLs that were attempting to exploit users who had not installed the patch for the Microsoft Windows Metafile (WMF) vulnerability which was discovered by Websense Security Labs in mid-December 2005. Most attacks were Trojan horse downloaders which updated over HTTP and installed and ran other pieces of malicious code.

- March 24, 2006 - Websense Security Labs was the first to discover 200 unique URLs that were attacking a revealed Internet Explorer "zero-day"vulnerability that could allow code to launch without end-user consent. The most common attack was the use of shellcode to run a Trojan horse downloader that downloaded additional payload code over HTTP. The additional payload was various forms of bots, spyware, backdoors, and other Trojan downloaders.

- June 21, 2006 - Websense Security Labs reported on end-users being lured to install malicious code via Short Message Service (SMS) messages (also known as text messages). Victims received an SMS message on their mobile phone, thanking them for subscribing to a fictitious dating service. The message stated that the subscription fee of $2.00 per day will be automatically charged to their cell phone bill until their subscription is cancelled at the online site.

- June 21, 2006 - Websense Security Labs reported a new type of attack that used email and voice over telephone, otherwise known as Vishing. The Vishing attack targeted customers of Santa Barbara Bank & Trust. Like traditional phishing attacks, users received a spoofed email message. However, unlike the most popular forms of phishing, where users are lured to a fraudulent website, this lure directed users to a telephone number.

About Websense, Inc.
Websense, Inc. (NASDAQ:WBSN), a global leader in web security and web filtering software, is trusted to protect 24 million employees worldwide. Websense proactively discovers and immediately protects customers against web-based threats such as spyware, phishing attacks, viruses and crimeware with maximum protection and minimal effort. With diverse partnerships and integrations, Websense enhances our customers' network and security environments. For more information, visit


© Scoop Media

Business Headlines | Sci-Tech Headlines


Watch This Space: Mahia Rocket Lab Launch Site Officially Opened

Economic Development Minster Steven Joyce today opened New Zealand’s first orbital launch site, Rocket Lab Launch Complex 1, on the Mahia Peninsula on the North Island’s east coast. More>>


Marketing Rocks!
Ig Nobel Award Winners Assess The Personality Of Rocks

A Massey University marketing lecturer has received the 2016 Ig Nobel Prize for economics for a research project that asked university students to describe the “brand personalities” of three rocks. More>>


Nurofen Promotion: Reckitt Benckiser To Plead Guilty To Misleading Ads

Reckitt Benckiser (New Zealand) intends to plead guilty to charges of misleading consumers over the way it promoted a range of Nurofen products, the Commerce Commission says. More>>


Half A Billion Accounts, Including Xtra: Yahoo Confirms Huge Data Breach

The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. More>>


Rural Branches: Westpac To Close 19 Branches, ANZ Looks At 7

Westpac confirms it will close nineteen branches across the country; ANZ closes its Ngaruawahia branch and is consulting on plans to close six more branches; The bank workers union says many of its members are nervous about their futures and asking ... More>>

Interest Rates: RBNZ's Wheeler Keeps OCR At 2%

Reserve Bank governor Graeme Wheeler kept the official cash rate at 2 percent and said more easing will be needed to get inflation back within the target band. More>>


Get More From Scoop

Search Scoop  
Powered by Vodafone
NZ independent news