ScanSafe Reports Spyware Skyrockets 254 Percent in 2006 While Web Viruses Decline 32 Percent

Web-Based Malware Converges Into Newer, Shorter-Lived and More Damaging Threats

WebKnowHow
Monday, January 29, 2007; 03:33 AM

ScanSafe, a leading global provider of Web Security-as-a-Service, today issued its Annual Global Threat Report. The report is based on an analysis of more than 60 billion Web requests processed in 2006 by the ScanSafe Threat Center on behalf of the company’s corporate customers in more than 30 countries across five continents. It represents the world’s largest security analysis of real-world Web traffic.

Among the report’s findings, the convergence of threats dominates the Web security landscape. In 2006, ScanSafe blocked 254 percent more instances of spyware and saw 32 percent fewer Web viruses than it did in 2005. However, the number of new unique Web viruses continues to grow and mutate to pose new threats.

“Not only did we see relentless growth in spyware throughout the year, but we saw that it is increasingly harboring more sinister payloads,” said Dan Nadir, vice president of product strategy at ScanSafe. “We also noticed a trend towards Web viruses being leveraged to spread spyware. The net result is that the line between spyware and Web viruses has become so blurred that malware is the only appropriate term to describe the ever increasing permutations of Web-based threats.”

Other key findings from the report include:

• One in five Internet searches generates links to either malware or inappropriate content

Search engines have become a significant gateway for exposure to Web threats. In a sample of the most commonly searched terms (as determined by the Google Zeitgeist report), one in five searches generated links to either malware or inappropriate content. Offensive content represents the greatest risk, accounting for 80 percent of total search blocks. This highlights the increasing risk for corporate users: search results can negatively impact productivity if not managed correctly and also represent risk vectors for information leakage and legal threats.

• New Web viruses now outnumber existing Web viruses and the zero-hour risk increases

For the first time, ScanSafe saw new Web viruses cause more blocks than previously seen Web viruses. Moreover, while the average active life (‘time in the wild’) decreased from 5 months to 3.3 months, protection from zero-hour threats – threats that appear before an anti-virus signature is available — is more critical than ever as there is still a significant time lag before updates are released and installed.

• New communication channels, new risks: Chat and IM account for 15 percent of Web filtering blocks

Managing Web content accessed by employees remains a major concern for corporate IT administrators. Web chat and IM accounted for the largest single percentage (15 percent) of Web filtering content blocks in 2006. This trend reflects the rise of ‘presence communications’ like IM, blogs and wikis. These new channels give rise to familiar security concerns.

• Hackers get personal

As operating systems become more ‘locked down’ with built-in features to make installing unsolicited software more difficult, malware authors are using social engineering tactics to help fuel threat propagation. Twenty-six percent of Web viruses blocked by ScanSafe used some form of social engineering to trick users into installing malware. By luring users into downloading malware by offering free MP3s or pornographic pictures, for example, malware can bypass many security precautions.

• Financially-motivated Web viruses rise by 310 percent

There was a significant rise in the number of Web virus attacks designed to steal financial information from users. Over 84 percent of ScanSafe's customer base would have been exposed to this type of malware, had they not deployed Web Malware Scanning. This represents a 310 percent increase from 2005. Furthermore, over 65 percent of Web virus payloads were intended to achieve some direct financial benefit.

• Web 2.0 becomes a target: up to one in 600 pages on social networking sites harbors malware

Web 2.0 sites are increasingly being targeted by malware authors. For example, up to one in 600 pages on social networking sites harbors malware. The growing popularity of many Web 2.0 sites makes them a rich target. In addition, many Web 2.0 applications raise the importance of the integrity of the browser, as the functionality it provides becomes more critical. In 2006 ScanSafe saw an increasing number of exploits specifically attacking the browser.

“In 2006 more than any previous year, the Web became ground-zero for criminal malware attacks,” said Nadir. “The nature and types of threats are proliferating so quickly and becoming so sophisticated that the Web has become one of the fastest growing threat vectors. The key lesson is that you cannot simply rely on periodically updated databases of suspect URLs or anti-virus engines alone to protect your network from Web threats.”

By scanning all content seen across its network in real-time, profiling the characteristics and behavior of the code, building intelligence that is shared across the global ScanSafe network, and checking against leading signature-based systems – ScanSafe can offer a superior level of threat protection.

“You wouldn’t feel very safe if the only security check used in airport screening was matching your name to a periodically updated central register of suspect individuals,” Nadir explained. “However, you would—and probably do feel more secure when airport screening uses real-time, multi-layered screening. In other words, checking every single passenger each time they travel by passing them though scanning machines, and having expert methods for identifying suspicious characteristics in addition to having a no fly list.”

The ScanSafe Annual Global Threat Report reviews Web-based threats as‧ seen by ScanSafe’s leading security platform, Outbreak Intelligence™ and gathered from ScanSafe’s unique position ‘in-the-cloud,’ providing insight into the nature and impact of the security risks actually faced by businesses, as well as analysis of their behavior. It is based on threat intelligence gathered from ScanSafe’s range of services - Web Malware Scanning, Web Filtering and IM Control as well as research on search threats.

To obtain a full copy of the ScanSafe Annual Global Threat Report, please visit www.scansafe.com

About ScanSafe

ScanSafe is the leading global provider of Web Security-as-a-Service, ensuring a safe and productive Internet environment for businesses. ScanSafe solutions keep viruses and spyware off corporate networks and allow businesses to control and secure the use of the Web and instant messaging. As a fully managed service, ScanSafe’s solutions require no hardware, upfront capital costs or maintenance and provide unparalleled real-time threat protection.

Powered by its proactive, multi-layered Outbreak IntelligenceTM threat detection technology, ScanSafe processes billions of Web requests and blocks millions of threats each month for customers worldwide, including Rothschild, Condé Nast and BMW.

Since pioneering the market for Web Security-as-a-Service, ScanSafe continues to deliver innovative Web security solutions, including the introduction of ScandooTM—the world’s first free Internet safe search tool that classifies search engine results based on the presence of malware and unwanted content.

With offices in London and San Mateo, California, ScanSafe is privately owned and financed by Benchmark Capital. The company received the Info Security Global Product Excellence Award for Best Managed Security Service, and was named one of Red Herring’s Top 100 Technology companies. For more information, visit www.scansafe.com.