December 2009
Volume 2, Issue 12
Monthly Websense Email Security Threat Brief
Figure 1: Embedded URLs in Email (chart: Top 10 Classifications of URLs in Email)
Understanding how Web URLs in Email are classified is crucial to stopping converged threats.

Figure 2: First to Detect (chart: Top 10 ThreatSeeker™ Malware Discoveries & Closed Window of Exposure; axes: Instances, AV Exposure Window)
Because of the ThreatSeeker™ Network, our Email Security customers are protected hours, and often days, before other security vendors provide a solution.
KEY STATS
Monthly Email Trends from the Security Labs

Threats “in the mail” this month:
- 3.2 billion messages processed by the Hosted Infrastructure (over 103 million per day)
- 86.8% of all email was spam
- 91.4% of spam included an embedded URL
- 55 thousand instances of 22 unique zero-day threats stopped by ThreatSeeker before AV
- 2.9% of spam emails were phishing attacks

How Websense is addressing these threats:
- 99.7% spam detection rate. Websense Hosted Email Security provides a 99% spam detection Service Level Agreement.
- Average false positive rate of 1 in 577,618
- 1% average daily threats protected using ThreatSeeker intelligence before AV signatures were available

What this means:
- The threat landscape is dangerous and growing more sophisticated.
- Websense is on the forefront of finding these threats including the increasingly pervasive blended threats.
- Most importantly, Websense is ideally positioned to address these threats with our market-leading Web security expertise, which drives our leadership in protecting from converged email & Web 2.0 threats.

Social Spamineering

December brought several major attacks in which hackers built their social-engineering campaigns around two main themes: 1) the H1N1 scare, and 2) Facebook password resets.

In the first tactic, spammers sent emails masquerading as the CDC (Center for Disease Control), calling recipients to "follow this link" for a "vaccination profile". The link leads to a fake CDC Web site where visitors may be infected. The email subject line changes: variations include "Governmental registration program on the H1N1 vaccination" and "Your personal vaccination profile".

The second tactic was an email purporting to be from Facebook with a malware attachment. The email claims that the recipient's Facebook password has been reset for security reasons and that the recipient should open the attachment to find the new password. As a matter of course, nobody should ever open an attachment to get a new password, yet these attacks often succeed. Victims would find themselves infected with the Bredolab Trojan Downloader.

Can people tell the difference between a real and fake Web site? A recent study discovered that about 45% of the time people submit their information to a phishing site.
Spam as a Percent of Inbound Email
Figure 3 - Percent of email that contains spam (Average 86.8%)
While this figure fluctuates, this signifies that a very high percentage of incoming email is indeed spam.
Without a strong email security solution, customers will experience bandwidth and storage capacity issues,
frustration, and a drain in productivity, not to mention exposure to significant security risk.

Why Websense Email Security?
- The Websense ThreatSeeker Network provides the intelligence to proactively protect against spam and malware – far ahead of traditional anti-spam and anti-
- Today’s pervasive blended threats are best matched by integration of best-in-class Websense Web security with email security for Essential

Spam Detection Rate
Figure 4 - Percent of spam detected (Average 99.7%)
This is evidence that we are consistently maintaining a very high spam detection rate. Therefore,
customers should be very confident that with Websense they are receiving the best in anti-spam
False Positive Rate (1 in X)
Figure 5 - False Positive Rate (Average 1 in 577,618)
This shows how Websense is consistently maintaining a very low false positive rate.
While Websense is catching a high percentage of spam, customers are rarely inhibited by messages
falsely landing in a spam queue.