« Blacklisting: More Marketing Than Muscle | Main | Wal-Mart Latest Site Felled in SQL Attacks »
Thursday
Jun052008

Current State of the Web: Under Siege

ScanSafe scans all Web traffic in realtime on behalf of our corporate customers. Currently we're scanning over 10 billion requests per month from datacenters across the globe. We employ behavior modeling, reputation analysis, antivirus signatures and other technologies to analyze each page at the exact moment it's accessed but before it's delivered to the user. This not only provides the optimum level of protection needed with today's hostile Web, it also provides us with many terabytes of data from which we can base our analysis.

In other words, ScanSafe is uniquely positioned to assess the Web threat landscape and its impact on corporate users.

Recently, ScanSafe STAT compared malware blocks in May 2007 to malware blocks in May 2008. To normalize the data set, we used only block data resulting from corporate customers that were common to both months. Our goal: to measure the impact, or what we term 'exposure risk, of today's Web compared to just a year ago. Obviously, we were aware going into this that May 2008 was much worse. But even we were surprised by just how much worse it really is.

Some of the key findings: not only has the corporate user's risk of exposure increased three-fold, but the risk of exposure resulting from compromised Web sites has increased 407%. The vast majority of these compromised Web sites are foisting password stealers and backdoors. As a result, that category of Web-based exposure risk increased 855% in May 2008 compared to May 2007.

Along with the STAT May to May comparison, we also released the regular monthly Global Threat Report (GTR), which looks at all malware blocks from all customers for the month. Data analyzed for the May 2008 GTR revealed that one in 2.5 corporate customers attempted to access sites compromised by SQL injection attacks. And one in 2 had attempted to access sites compromised in what we term 'long tail' attacks - a series of seemingly connected compromises which appear to have resulted through the use of stolen FTP credentials.

For the full reports, visit the links below:

AuthorMary Landesman | CommentPost a Comment | DateThursday, June 5, 2008 at 08:46AM

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>
Alert
Comment Moderation Enabled
Your comment will not appear until it has been cleared by a website editor.

Notify me of follow-up comments via email.