September 2009
Volume 2, Issue 9
Monthly Websense Email Security Threat Brief
Top 10 Classifications of URLs in Email Top 10 ThreatSeekerTM Malware Discoveries & Closed Window of Exposure
Other Tech 1,000,000
Instances AV Exposure Window
140
25% 19% 100,000 120
Instances
100
Hours
10,000
80
1,000
60
100 40
10 20
Health
Malicious 1 0
4%
18%
Business
10%
Forums Shopping
3% Search 7%
Travel Financial
5% 3% 6%
Figure 1: Embedded URLs in Email Figure 2: First to Detect
Understanding how Web URLs in Email are classified Because of the ThreatSeekerTM Network, our Email Security customers are protected
is crucial to stopping converged threats hours, and often days, before other security vendors provide a solution.
KEY STATS Spam Promoting Spam
Monthly Email Trends from the Security Labs
Threats “in the mail” this month:
 3.3 billion messages processed by the Hosted
Infrastructure (over 108 million per day) Links to YouTube videos advertising “Russian spam” have
 84.5% of all email was spam been seen lately in spam coming from Russia. Web 2.0
 84.6% of spam included an embedded URL technologies are widely used in spam and this two minute
 252 thousand instances of 54 unique zero-day
clip explains all the “benefits” of spam. The spammers claim
threats stopped by ThreatSeeker before AV that they only use spam to increase sales and don’t send
 5.4% of spam emails were phishing attacks porn or engage in phishing, but how legal and annoying is
this to spam recipients?
How Websense is addressing these threats:
 99.8% spam detection rate. Websense Hosted A new wave of IRS phishing attacks has been reported. The
Email Security provides 99% spam detection
attack is delivered by the Cutwail/Pushdo botnet and serves
Service Level Agreement.
a ZBot variant. The message may contain a subject line of
 Average false positive rate of 1 in 417,021
“Notice of Underreported Income” and a link to a website
 5.4% average daily threats protected using
ThreatSeeker intelligence before AV signatures which delivers malicious code. Most of the domains
were available associated with this attack were reported and taken down.
What this means: A new type of phishing attack dubbed “chat-in-the-middle
 The threat landscape is dangerous and growing phishing” has been reported by RSA FraudAction Research
more sophisticated.
Lab. In one of the phishing attack stages, the attacker
 Websense is on the forefront of finding these
threats including the increasingly pervasive
launches a live chat support window to steal information
blended threats. from the victim. The live chat window claims to be from the
 Most importantly, Websense is ideally targeted bank, and that it is there to validate the victim's
positioned to address these threats with our account. While email is the most common lure to phishing
market-leading Web security expertise, which attacks, this demonstrates the need for vigilance in all
drives our leadership in protecting from
converged email & Web 2.0 threats. online communications.

Spam as a Percent of Inbound Email
95
Why Websense Email Security?
90
85 - The Websense ThreatSeeker
80 Network provides the
75 intelligence to proactively
70 protect against spam and
malware – far ahead of
traditional anti-spam and anti-
virus alone.
Figure 3 - Percent of email that contains spam (Average 84.5 %)
While this figure fluctuates, this signifies that a very high percentage of incoming email is indeed spam.
Without a strong email security solution, customers will experience bandwidth and storage capacity issues,
- Today’s pervasive blended
frustration, and a drain in productivity, not to mention exposure to significant security risk. threats are best matched by
integration of best-in-class
Websense Web security with
email security for Essential
Information Protection.
Spam Detection Rate
100.0%
99.9%
99.8%
99.7%
99.6%
99.5%
Figure 4 - Percent of spam detected (Average 99.8%)
This is evidence that we are consistently maintaining a very high spam detection rate. Therefore,
customers should be very confident that with Websense they are receiving the best in anti-spam
protection.
False Positive Rate (1 in X)
2,500,000
250,000
25,000
2,500
Figure 5 - False Positive Rate (Average 1 in 417,021)
This shows how Websense is consistently maintaining a very low false positive rate.
While Websense is catching a high percentage of spam, customers are rarely inhibited by messages
falsely landing in a spam queue.