With extensive internet and malicious code categorization expertise, Websense Security Labs provides research and delivers timely product and information updates to the security community and Websense customers to support them in making their infrastructures more secure.

The use of the web to launch attacks, and the variety of methods used to launch attacks also increased in the second half of 2005. The number of malicious websites and the amount of malicious code being released with criminal intent (crimeware) continued to rise. The phishing landscape also changed considerably, with significant differences in types of targets and attacks. We noticed a trend toward the testing and upgrading of exploits to improve their effectiveness before full-scale launch. We saw browser and operating system exploits being used more frequently. These included zero-day exploits used for spyware, crimeware, phishing, and keylogger installations.

In H2 2005, successful exploitation of these vulnerabilities enabled attackers to execute code on the workstations of unsuspecting users without their knowledge or consent even fully patched workstations. Several wide-scale infections of this type were reported, many of which included bundled affiliates. We saw the introduction of a new targeted phishing technique called spear phishing, designed to use confidence in the message to compensate for the fact that most consumers have become aware of their vulnerability to phishing attacks. While attacks on banking institutions continued to rise, in H2 2005 we also saw an increase in phishing attacks aimed at non-banking institutions. Cyber extortion attacks which money was requested from users to fix the very problems created by cyber criminals continued to increase. In general, we saw that infections from visiting websites surpassed other infection methods, and that this technique is starting to be used in combination with other methods.