Not that it is news to our group but we have been saying the same thing to Management in hopes of purchasing a Web Filter Appliance (Specifically the IronPort S650) to work with our two current IronPort C350 MTA's.
But it always takes a consulting company to say the same things we have been saying for them to "buy in" to the concept.
I emailed your article to Management and am going to follow-up by emailing them the PDF of the report, after that they'll each have a full color double sided print of the report sitting on their desks. I don't give up easily as I am part of the Desktop Enterprise Management team and we have to create custom fixlet for Bigfix for most everything except Microsoft patches and we have been doing a lot of that lately.
About 75 percent of all Web sites serving up malicious code are legitimate sites that have been hacked/compromised, according to a new report from WebSense.
This number validates statistics from ScanSafe showing a dramatic rise in ‘good’ sites being being used as a conduit for drive-by malware downloads and other social engineering attacks.
[ SEE: The key to an open, transparent malware filtering system ]
Even more worrisome, the WebSense report (pdf) says that 60 percent of the top 100 most popular Web sites have either hosted or been involved in malicious activity in the first half of 2008.
Some additional highlights:
- 12 percent of Web sites infected with malicious code were created using Web malware exploitation kits, a decrease of 33 percent since December 2007. Websense researchers believe this decrease may be attributed to attackers launching more customized attacks to avoid
signature detection by security measures. - 29 percent of malicious Web attacks included data-stealing code.
- 46 percent of data-stealing attacks are conducted over the Web.
- 87 percent of email messages are spam. this percentage remains the same as the second half of 2007.
- 76.5 percent of all emails in circulation contained links to spam sites and/or malicious Web sites. this represents an 18 percent increase over the previous six-month period.
- 85 percent of unwanted (spam or malicious) emails contain a link.
- Pornography-related spam decreased by more than 70 percent and is no longer the most popular topic for spam. Shopping (20 percent), cosmetics (19 percent), and Medical (11 percent) represent the majority of today’s spam.
- 9 percent of spam messages are phishing attacks, representing a 47 percent increase over the last six months.
WebSense also provided confirmation of what we’ve been reporting here on Zero Day:
Top 10 Web Attack Vectors in 1st Half of 2008:
- Browser vulnerabilities
- Adobe Flash vulnerabilities.
- ActiveX vulnerabilities.
- sQL injection.
- Adobe Acrobat Reader vulnerabilities.
- Content management systems (CMS) vulnerabilities.
- Apple QuickTime vulnerabilities.
- Malicious Web 2.0 components (Facebook applications, third-party widgets/gadgets, banner ads, etc.)
- RealPlayer vulnerabilities.
- DNS cache poisoning.
See additional reporting by from Brian Krebs at the Washington Post, Matt Hines at eWEEK and this Techmeme discussion.
