Internet Users Are Only Two Clicks Away from Malicious Content
Top Sites, Poisoned Search, and Malicious Links on a Short Path to Malware
SAN DIEGO – September 28, 2010 –
- In this inaugural “Websense Insight,” Websense reports on how most Internet users are only two clicks away from malicious content from top sites, poisoned search results, and malicious links.
- Top sites: The path to malware often starts on recreational sites, and most of the top sites are perilously close to danger. We found that users of the top 1,000 sites are rarely more than two clicks away from malicious content. This includes:
- More than 70 percent of top news and media sites
- More than 70 percent of the top message boards and forums
- More than 50 percent of social networking sites
- Poisoned search: Cybercriminals are poisoning search results with malicious links for top trends at a startling rate. For example, searches for trending news and buzz words increased from 14 percent in early 2010 to 22 percent a few months later.
- Popular beats porn. Websense research shows that you have a higher chance of running into malicious content from a “breaking trends” search such as a “World Cup 2010” than you do from sexual content searches. For example, a whopping 25 percent of the results from a search for “World Cup 2014” were malicious.
- General search also resulted in a surprisingly high number of threats because criminals have learned to target very specific terms. For example, 30 percent of our results for baby bedding and décor in London were poisoned and 12 percent of our results for vehicle car parts in Toronto were compromised.
- Malicious links: We also examined the prevalence of websites containing malicious links, as opposed to malicious content. These sites don’t deliver malware themselves – but while you are on such a “trusted” site, you are only one dangerous click away from an infected site. Many of the Internet’s top sites will lead you to malicious content through the extensive network of partner sites that they are linked to.
- Websense uses link analysis to seek out risky websites that have a high probability of linking to bad content. In fact, the more objectionable a topic is, the tighter the ecosystem of links is, and the easier it is to use link analysis to find objectionable or malicious content. We recently found that 22 percent of links in sex and adult sites lead to malicious sites. More astounding is the way that high-risk sites are used to communicate and exchange information:
- 62 percent of the sites that link to games also link to something objectionable or a security risk
- 23 percent of blogs link to something objectionable or a security risk
- 23 percent of message boards link to something objectionable or a security risk
- 21 percent of freeware sites link to something objectionable or a security risk
- Social networking sites are also vectors for malicious links. About 40 percent of every status update on Facebook has a link, and 10 percent of those links are either malicious or spam.
- Findings were announced today via the first “Websense Insights” online videos. This new, innovative series provides researchers, information security professionals, and Websense customers with an up-to-date overview on breaking security research conducted by the Websense Security Labs and other security researchers around the globe.
- Defensio™ analyzes and classifies user-generated content on Facebook with Websense Advanced Classification Engine (ACE) to prevent the posting of malicious and inappropriate content, and enhances the real-time threat intelligence of the Websense® Web Security Gateway. In this way, it acts as a social media threat detector that benefits all Websense customers.
“No matter how careful you are, today’s Internet user is usually only two short clicks away from malicious content and an infected computer or network,” said Charles Renert, senior director, Security Research for Websense. “Cybercriminals are increasingly more ingenious in developing robust systems for enticing users to malicious sites. As Web and social media become more essential in the workplace, companies need information security protection technology that allows flexible Web use and keeps their content secure with real-time inspection.”
“We created the online ‘Websense Insights’ research series so that our customers can quickly learn about the latest Web findings and take action to thwart the bad guys,” said Renert. “Our deep, unprecedented knowledge of the Web helps organizations best leverage social media and the Web and do it safely. “
Click to view the first “Websense Insights” video, “Link Analysis – What are People Linking to on Facebook and Twitter?”
Click to view the “Websense Insights” video, “The Route to Malware”
Click to view a behind-the-scenes video, which features Websense Labs top security researchers explaining the Websense Advanced Classification Engine (ACE). This technology serves as the engine driving Websense content security products to protect against malicious scripts and zero-day threats that evade antivirus products.
Click to share “Link Analysis – What are People Linking to on Facebook and Twitter?” on Facebook.
Click to share “Link Analysis – What are People Linking to on Facebook and Twitter?” on LinkedIn.
Click to share “Websense Insights” video, “The Route to Malware” on Facebook.
Click to share “Websense Insights” video, “The Route to Malware” on LinkedIn.
Click to share on Twitter:
Internet users are only two clicks away from malicious content, click 2 C video @Websense http://bit.ly/9Qe9lx
What are People Linking to on Facebook and Twitter?; Click 2 C first link analysis video @Websense http://bit.ly/cH4V6C
Insights Blog: See “Websense Insights” post and more expert content security commentary.
Facebook: “Like” Websense.
Twitter: Follow @Websense.
To learn more about Websense business solutions for using the social Web safely, visit Websense.com. If you want to protect your social media sites and Facebook pages from malicious links, spam or profanity, visit Defensio.com for the only social media threat detection application.
Websense, Inc. (NASDAQ: WBSN), a global leader in unified Web, data and email content security solutions, delivers the best security for modern threats at the lowest total cost of ownership to tens of thousands of enterprise, mid-market and small organizations around the world. Distributed through a global network of channel partners and delivered as software, appliance and software-as-a-service (SaaS), Websense content security solutions help organizations leverage new communication, collaboration, and Web 2.0 business tools while protecting from advanced persistent threats, preventing the loss of confidential information and enforcing Internet use and security policies. Websense is headquartered in San Diego, California with offices around the world. For more information, visit websense.com.
Close window | Back to top