"State of the Web" Q1 Security Report Released

State of the Web Q1 2010
The first quarter of 2010 saw a number of significant events including earthquakes in Chile and Haiti. Apple announced the iPad and Toyota took responsibility for a massive recall. Attackers on the other hand, were busy taking advantage of all of the events leveraging search engine optimization attacks to lure unsuspecting victims to malicious sites attacking web browser vulnerabilities or serving up fake antivirus software that now accounts for the majority of content on the web. Botnet activity remained strong and the Eleanore exploit kit was also the source of 5% of all browser exploits that were encountered. That said, enterprises are finally starting to phase out Internet Explorer 6 and it lost 7.5% market share this past quarter.
What you will find in the report:

Zscaler's newly released Q1 2010 State of the Web report details the enterprise threat landscape and the variety of Web-based issues plaguing Internet users. Among numerous findings, the report details several growing threat vectors, including attackers leveraging search engines and growing fake anti-virus threats.  Here are some of the top findings detailed in the new Zscaler State of the Web report:

• Google services (search, Gmail, blogs, groups, etc.) are topping the list of threats that result in malicious software being downloaded and installed without end-users’ knowledge or consent; this followed by ThePlanet, a large hosting provider with a history of criminal abuse.


• End-users are falling prey to numerous social engineering schemes; at the top of the list, 13.58% are aggressively being tricked into running fake anti-virus. Zscaler Research explains what’s happening, how SEO is being leveraged, and why these threats aren’t going away any time soon.


• The Eleonore exploit kit makes up roughly 5% of browser exploits and growing; Zscaler tells which kits have particular features and why they’re so valuable to the underground.


• Phishing exploits in the huge ponds of Facebook and World of Warcraft (WoW) are yielding big catches; Zscaler advises how SEO and injected content are enabling perpetrators.


• Mature botnets, such as Monkif, Torpig, Zeus and Koobface, continue to survive and thrive in spite of industry awareness and efforts to thwart them .


• Zero-day vulnerabilities are forcing enterprises to abandon IE6, but usage of the nine-year-old Web browser still remains unacceptably high.


• Big news events throughout the quarter, including the tsunami in Chile, Apple's iPad release and Toyota's massive recall, were efficiently leveraged by attackers for the purpose of social engineering.


• Good content is most often sought from the U.S. [by the global workforce], and, correspondingly, the country also hosts most of the Web’s malicious content as well.


• Seven of the top 10 countries noted as having more malicious versus benign Websites are currently all in Central and South America. (Find out why and how that may change in the future)


• A graphical Hilbert Curve representation of the Web shows that despite reports stating we’re running out of IPv4 address space, much of the Internet actually remains untouched.

To obtain a copy of the Zscaler State of the Web report, click here(registration required).