Zscaler Releases Q1 2010 “State of the Web” Report

Sunnyvale, California, May 25, 2010

Zscaler today released its Q1 2010 State of the Web report. The report details the enterprise threat landscape and the variety of Web-based issues plaguing Internet users. Among numerous findings, the report details several growing threat vectors, including attackers leveraging search engines and growing fake anti-virus threats.

Here are some of the top findings detailed in the new Zscaler State of the Web report:

  • Google services (search, Gmail, blogs, groups, etc.) are topping the list of threats that result in malicious software being downloaded and installed without end-users’ knowledge or consent; this followed by ThePlanet, a large hosting provider with a history of criminal abuse.
  • End-users are falling prey to numerous social engineering schemes; at the top of the list, 13.58% are aggressively being tricked into running fake anti-virus. Zscaler Research explains what’s happening, how SEO is being leveraged, and why these threats aren’t going away any time soon.
  • The Eleonore exploit kit makes up roughly 5% of browser exploits and growing; Zscaler tells which kits have particular features and why they’re so valuable to the underground.
  • Phishing exploits in the huge ponds of Facebook and World of Warcraft (WoW) are yielding big catches; Zscaler advises how SEO and injected content are enabling perpetrators.
  • Mature botnets, such as Monkif, Torpig, Zeus and Koobface, continue to survive and thrive in spite of industry awareness and efforts to thwart them .
  • Zero-day vulnerabilities are forcing enterprises to abandon IE6, but usage of the nine-year-old Web browser still remains unacceptably high.
  • Big news events throughout the quarter, including the tsunami in Chile, Apple's iPad release and Toyota's massive recall, were efficiently leveraged by attackers for the purpose of social engineering.
  • Good content is most often sought from the U.S. [by the global workforce], and, correspondingly, the country also hosts most of the Web’s malicious content as well.
  • Seven of the top 10 countries noted as having more malicious verses benign Websites are currently all in Central and South America. (Find out why and how that may change in the future)
  • A graphical Hilbert Curve representation of the Web shows that despite reports stating we’re running out of IPv4 address space, much of the Internet actually remains untouched.

“Attackers are continuing to refine their methods and when opportunities arise, they are able to deploy effective attacks within minutes,” according to Michael Sutton, VP of Security Research at Zscaler. “Whether employing black hat SEO tactics, infecting legitimate sites or spreading fake anti-virus software, they are repeating practiced and automated attack techniques that are succeeding with frightening efficiency.” He continued: “Something else we can conclude is that not only are attacks getting more and more sophisticated and targeted, but knowledge of them—such as the big botnets—isn’t making them go away.”

As a Security-as-a-Services (SaaS) vendor with a global network of enforcement nodes, Zscaler encounters a multitude of attacks each and every day. The company’s Nanolog technology, which is game changing in its ability to minimize logs exponentially without losing data, enables real-time reporting at the transaction level, giving Zscaler’s research team an edge in drilling down on or identifying new threats. The new report summarizes the threat activity over the course of the quarter and identifies emerging attack trends.

To obtain a copy of the Zscaler State of the Web report, please visit: https://www.zscaler.com/zscaler-state-of-the-web-q1-2010.html.



About Zscaler

Zscaler is revolutionizing Internet security with the industry’s first Security as a Service platform. As the most innovative firm in the $35 billion security market, Zscaler is used by more than 5,000 leading organizations, including 50 of the Fortune 500. Zscaler ensures that more than 15 million users worldwide are protected against cyber attacks and data breaches while staying fully compliant with corporate and regulatory policies.

Zscaler is a Gartner Magic Quadrant leader for Secure Web Gateways and delivers a safe and productive Internet experience for every user, from any device and from any location — 100% in the cloud. With its multi-tenant, distributed cloud security platform, Zscaler effectively moves security into the internet backbone, operating in more than 100 data centers around the world and enabling organizations to fully leverage the promise of cloud and mobile computing with unparalleled and uncompromising protection and performance. Zscaler delivers unified, carrier-grade internet security, next generation firewall, web security, sandboxing/advanced persistent threat (APT) protection, data loss prevention, SSL inspection, traffic shaping, policy management and threat intelligence—all without the need for on-premise hardware, appliances or software. To learn more, visit us at www.zscaler.com.


Additional Resources:

Media Contacts:

Whitney Black 
Director of Communications 
650-260-4616
joynpx@mfpnyre.pbz