Start New Discussion within our Digital Marketing Community

Websense Security Labs has published its bi-annual State of Internet Security report and, as usual, it makes for pretty interesting if somewhat scary reading.

Covering the last six months of 2009, the report is based upon the findings of the ThreatSeeker Network which is used to discover, classify and monitor global Internet threats and trends courtesy of something called the Internet HoneyGrid. This comprises of honeyclients and honeypots, reputation systems and advanced grid computing systems, all of which combine to parse through one billion pieces of content every day while searching for security threats. Every single hour the Internet HoneyGrid scans some 40 million websites for malicious code as well as 10 million emails for unwanted content and malicious code.

So what did the HoneyGrid have to report about the Internet security threatscape for Q3/Q4 2009?

Here are the key findings:

  • 13.7% of searches for trending news/buzz words (as defined by Yahoo Buzz & Google Trends) led to malware.
  • The second half of 2009 revealed a 3.3% decline in the growth of malicious Web sites compared to the first half of the year. Websense Security Labs believes this is due to the increased focus on Web 2.0 properties with higher traffic and multiple pages.
  • However, comparing the second half of 2009 with the same period in 2008, Websense Security labs saw an average of 225% growth in malicious Web sites.
  • 71% of Web sites with malicious code are legitimate sites that have been compromised.
  • 95% of user-generated posts on Web sites are spam or malicious.
  • Consistent with previous years, 51% of malware still connects to host Web sites registered in the United States.
  • China remains second most popular malware hosting country with 17%, but during the last six months Spain jumped into the third place with 15.7% despite never having been in the top 5 countries before.
  • 81% of emails during the second half of the year contained a malicious link.
  • Websense Security Labs identified that 85.8% of all emails were spam.
  • Statistics for the second half of 2009 show spam emails broke down as 72% (HTML), 11.2% (image), 14.4% (plain text with URL) and 2.4% (plain text with no URL).
  • 35% of malicious Web-based attacks included data-stealing code.
  • 58% of all data-stealing attacks are conducted over the Web.
Nice news article :)

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

What is meaning of:
95% of user-generated posts on Web sites are spam or malicious

If the computer creating the post is compromised it is not user generated.
If the computer creating the post is not compromised, how is the post spam or malicious?

Have you not seen forums in which fake posts are made by a script advertising the latest deals in erectile dysfunction drugs? That's what it meant by 'user-generated'. Fairly obvious to most, I would think.

Yep, user generated content as in forum postings, blog comments and the like. We all know that there is a certain amount of spam, and indeed malicious link spam at that, amongst UGC (our moderator team spends a great deal of time here at DaniWeb clearing the spam out of the forums) but it came as quite a surprise to see that 95% figure being quoted in the report.

Wow.. I thought most of those posts were from compromised machines and not UGC!!!

Stunning and Sad all at once that so many idiots are running around!

And when mixing this fake 'user generated' content with Google AdWords, both Google and the person posting the content are laughing all the way to the bank at the expense of the advertiser.


The problem with China and other countries doing malware spamming Illegal activities is that it is almost impossible to stop them.

95% of user-generated posts on Web sites are spam or malicious.

Total BS on that one.

The article starter has earned a lot of community kudos, and such articles offer a bounty for quality replies.