Findings of the Q1 2010 “State of the Web” security report

Zscaler’s newly released Q1 2010 State of the Web report details the enterprise threat landscape and the variety of Web-based issues plaguing Internet users. Among numerous findings, the report details several growing threat vectors, including attackers leveraging search engines and growing fake anti-virus threats.
Here are some of the top findings detailed in the new Zscaler State of the Web report:

  • Google services (search, Gmail, blogs, groups, etc.) are topping the list of threats that result in malicious software being downloaded and installed without end-users’ knowledge or consent; this followed by ThePlanet, a large hosting provider with a history of criminal abuse.
  • End-users are falling prey to numerous social engineering schemes; at the top of the list, 13.58% are aggressively being tricked into running fake anti-virus. Zscaler Research explains what’s happening, how SEO is being leveraged, and why these threats aren’t going away any time soon.
  • The Eleonore exploit kit makes up roughly 5% of browser exploits and growing; Zscaler tells which kits have particular features and why they’re so valuable to the underground.
  • Phishing exploits in the huge ponds of Facebook and World of Warcraft (WoW) are yielding big catches; Zscaler advises how SEO and injected content are enabling perpetrators.
  • Mature botnets, such as Monkif, Torpig, Zeus and Koobface, continue to survive and thrive in spite of industry awareness and efforts to thwart them .
  • Zero-day vulnerabilities are forcing enterprises to abandon IE6, but usage of the nine-year-old Web browser still remains unacceptably high.
  • Big news events throughout the quarter, including the tsunami in Chile, Apple’s iPad release and Toyota’s massive recall, were efficiently leveraged by attackers for the purpose of social engineering.
  • Good content is most often sought from the U.S. [by the global workforce], and, correspondingly, the country also hosts most of the Web’s malicious content as well.
  • Seven of the top 10 countries noted as having more malicious versus benign Websites are currently all in Central and South America. (Find out why and how that may change in the future)
  • A graphical Hilbert Curve representation of the Web shows that despite reports stating we’re running out of IPv4 address space, much of the Internet actually remains untouched.

To obtain a copy of the Zscaler State of the Web report, click here (registration required).


Subscribe to the Help Net Security breaking news e-mail alerts:


Don't miss