February 4, 2010

Websense Security Labs Report - State of Internet Security, Q3-Q4 2009


The second half of 2009 saw malware authors focus their efforts to ensure they drove victims straight to them. In contrast to the first half of the year where mass injection attacks like Gumblar, Beladen and Nine Ball promoted a sharp rise in the number of malicious Web sites, Websense Security Labs observed a slight (3.3 percent) decline in the growth of the number of Web sites compromised. Instead, attackers replaced their traditional scattergun approach with focused efforts on Web 2.0 properties with higher traffic and multiple pages.

Over the six month period, Search Engine Optimization (SEO) poisoning attacks featured heavily, and Websense Security Labs research identified that 13.7 percent of searches for trending news/buzz words lead to malware. In addition, attackers continued to capitalize on Web site reputation and exploiting user trust, with 71 percent of Web sites with malicious code revealed to be legitimate sites that had been compromised.

Web security intelligence remains a critical component of any email and data security strategy as illustrated by the continued popularity of blended threats (spam emails with embedded URLs). During the second half of 2009 Websense Security Labs discovered:

  • 13.7 percent of searches for trending news/buzz words (as defined by Yahoo Buzz & Google Trends) lead to malware
  • 95 percent of user-generated comments to blogs, chat rooms and message boards are spam or malicious
  • 35 percent of malicious Web attacks included data-stealing code
  • 58 percent of data-stealing attacks are conducted over the Web
  • 5.8 percent of all emails were spam
  • An average growth of 225 percent in malicious Web sites

These discoveries, along with details on other exploits and analysis of Web, email and data security trends during the second half of 2009 are explored in the Websense Security Labs “State of Internet Security” report.
The full report is available here.

An archived Webcast presentation about the report can be found here.

Watch the video overview of the findings below, or by clicking here.



Forcepoint-authored blog posts are based on discussions with customers and additional research by our content teams.

Read more articles by Forcepoint

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.