SAN DIEGO, July 25 /PRNewswire-FirstCall/ -- Websense, Inc., the world's leading provider of employee internet management solutions, today announced that free personal web hosting sites are increasingly being exploited by hackers seeking affordable and anonymous ways to store and disseminate mobile malicious code (MMC) and dangerous types of spyware, such as keyloggers, which are designed to steal personal and confidential information. Since the beginning of 2005, Websense(R) Security Labs(TM) has discovered more than 2,500 incidents of these websites distributing MMC, Trojan horses and keyloggers. Websense(R) software protects organizations from inadvertently becoming victims of these attacks by blocking access to infected sites and preventing harmful spyware applications from running on end-users' machines.
In the first two weeks of July 2005 alone, Websense Security Labs has discovered more than 500 incidents of free web hosting sites that were created to spread keyloggers, Trojan horse downloaders, Trojan horse droppers, and other harmful spyware and malware. Earlier this year, Websense reported that free blogging accounts were being used to harbor malcode -- this trend is now expanding to any form of free web hosting site. The recently uncovered sites include those available for hosting online journals, photo albums, greeting cards, music, sports 'fan' pages and online scrapbooks, among many other popular purposes.
"The growth of this trend is alarming. July has seen a major boom-in the first two weeks alone we found more instances than in May and June combined," said Dan Hubbard, senior director of security and technology research for Websense. "Some of the sites may be created with automated shared hacking software and free online tools, while others are built to appear more legitimate. For example, one of the sites found by the Labs included music that accompanied a greeting-card message which runs while your computer is being infected with spyware."
These fraudulent, free personal websites have an average lifespan of two to four days, making them difficult to trace. In addition, a majority of the new sites discovered by Websense have been hosted in Brazil or the United Kingdom and contain text written in Portuguese and English.
"Hackers create their own pages with the sole purpose of spreading harmful code and combine deception techniques, such as social engineering, to entice users to visit and run the malicious code," added Hubbard. "To allow accounts to remain free, most of the hosting sites are not providing security features to prevent this anonymous posting of malignant Trojan horses."
Websense Security Labs scans over 60 million websites each day for malicious code. The team manages a honeynet of unprotected computers to discover MMC, new Trojan horses, malicious spyware such as keyloggers, and blended threats. The findings are used to study their techniques, actions, and behavior on an enterprise network system. Information gained from the network of honey clients provides valuable information that enables Websense Security Labs to discover attacks quickly and deliver a remedy to Websense customers before antivirus signatures are available, thus closing a critical opportunity for exposure immediately.
Websense Web Security Suite(TM) provides an integrated web security solution that blocks MMC, and prevents spyware and keylogging transmissions back to their host sites. The Websense Web Security Suite provides real-time internet security updates for immediate protection from new security threats and includes robust reporting and analysis tools that provide organizations with complete information on user access to fraudulent sites or vulnerability to malicious code.
Websense software is available for organizations who wish to protect themselves from internet and application security threats. For a free 30-day evaluation of Websense software or for more information on protecting your organization from a wide range of threats including spyware, peer-to-peer, virus outbreaks and internal hacking exploits, please visit www.websense.com. Websense Security Labs offers free email security updates as new internet threats are discovered and is available at www.websensesecuritylabs.com.
