New Research Reveals Majority of Malicious Web Sites Are Now Legitimate Sites Compromised by Attackers

  SAN DIEGO, CA, Jan 22 (MARKET WIRE) -- 
 Websense, Inc. (NASDAQ: WBSN) today released a new report that reveals that --
for the first time -- the number of legitimate Web sites compromised by
attackers has surpassed those purposefully created by attackers.

    The Websense Security Labs(TM) report summarizes security trends for the
second
half of 2007. Websense researchers warn Internet users to be wary of what sites
theyclick on and visit -- even their favorite trusted sites.   These sites
posea significant business risk because traditional security measures are not
designed to handle the attacks, and the attackers are using sophisticated
techniques
such as spoofing search engine results to drive traffic to infected sites. 
Attackers know that compromising sites with generally good reputations --
sites that have a built-in group of visitors -- coupled with more effective
and targeted e-mail lures, can increase the success rate of attacks.

    For example, on August 27, 2007, Websense discovered an attack launched
within the United Nations' HIV/AIDS Asia Pacific portal, which demonstrates how
attackers are compromising legitimate Web sites -- rather than creating a new
site
-- in an attempt to elevate the infection rate. In this case, when visitors
opened the United Nations Web site, unprotected users inadvertently downloaded a
Trojan horse that infected their computers with malicious code. Victims became
unknowingparticipants in a larger bot network that attackers can use for future
malicious
attacks -- posing a risk to both personal computer users and businesses.

    "More and more, attackers are compromising legitimate Web sites to infect
visitors with information-stealing code or to add users' machines to
botnets," said Dan Hubbard, vice president of security research, Websense.
"Additionally, they are increasing the sophistication of their attack methods
and building resilient infrastructures as we saw with the Storm worm attacks
last year. We believe that attackers will continue to be creative and
leverage Web 2.0 applications and user-generated content to create even
bigger security concerns for organizations.  With this in mind, organizations
need to ensure their Web, messaging and data security solutions can protect the
avenues hackers seek to exploit for financial gain."

    The report clearly shows that event-based and Web 2.0 attacks were on the
rise in the second half of 2007.  Blended threats with multiple attack vectors
evaded traditional signature-based security technologies, such as
anti-virus. In the second half of 2007, Websense, leveraging its unparalleled
visibility of the Web and email, successfully identified and mitigated
several new high-profile exploits and widespread Web attacks including:

    Web 2.0-based attack directed at MySpace users and their friends -- On
September 13, 2007, Websense was first to find the Web 2.0, "Phast Phlux
Phishing" attack on MySpace, a popular social networking site.  After MySpace
announced increased measures to protect users from online threats, many users
were
compromised by this scam that stole confidential user login credentials for
malicious purposes. Once infected, victims' MySpace profiles spread the attack
virally through "friends lists." Although the malicious domain originated in
China, the hosts were most likely the compromised desktops of casual home Web
surfers who were unwilling participants in this orchestrated attack.

    Trick-or-treating Trojan horse designed to steal financial information
duringHalloween -- On October 29, 2007, Websense was first to find an
information-stealing Trojan horse in the form of a Yahoo! Halloween greeting
card
that attackers released two days before the holiday. Attackers tricked users
without adequate Web security protection into downloading malicious code
designed to steal sensitive financial information, including passwords, credit
cards and online banking information.

    Government-branded information-stealing Trojan horse -- On December 3, 2007,
Websense discovered a new e-mail attack variant similar to attacks previously
launched claiming to be from the U.S. Internal Revenue Service and Better
Business Bureau. The e-mail message claimed that a complaint to the U.S.
Department of Justice was filed against the recipient's company and informed the
reader that a copy of the original complaint was attached to the e-mail. The
attached "complaint" was an information-stealing Trojan horse. At the time of
discovery, no major anti-virus vendors had detected the malicious code and
protected their customers.

    Websense Security Labs researchers gather threat intelligence with
WebsenseThreatSeeker(TM) which scans more than 600 million Web sites per week
searching for malicious code, along with Websense's Hosted Security
Services, which scan more than 350 million e-mails per week for e-mail security
threats.  This unique technology has helped the Websense security research
team find several high-impact Web and zero-day exploits. Websense sends out
an average of 80 Real-Time Security Updates(TM) per day to protect more than 42
million employees from external and internal computer security threats.

    Additional Highlights from the Second Half 2007 Security Trends Report


--  Attackers tried to perfect the blended threat technique: The second
    half of 2007 saw the use of multiple attack vectors to evade detection and
    increase attack effectiveness. For example, the Storm Worm writers
    increased their attack ante by using multiple attack vectors including:
    domain name system (DNS), Web, peer-to-peer, encryption and several evasion
    techniques. By using so many different vectors and techniques they made it
    difficult to take down the malicious sites and prevent future outbreaks.
--  In addition to compromising legitimate Web sites, the Websense
    Security Labs also noted that attackers increasingly used spam to lure
    users to malicious Web sites. In fact, 65 percent of all unwanted e-mails
    contained a link to a malicious Web site.
    

    
Businesses interested in assessing the effectiveness of their current
security solutions can take the Websense Security Challenge to assess their
current security posture.  For the latest threat information and to sign up
for alerts from the Websense Security Labs visit www.websensesecuritylabs.com.

    About Websense, Inc.

    Websense, Inc. (NASDAQ: WBSN) protects more than 42 million employees from
external and internal computer security threats.  Using a combination of
preemptive ThreatSeeker(TM) malicious content identification and
categorization technology and information leak prevention technology, Websense
helps
make computing safe and productive.  Distributed through its global network
of channel partners, Websense software helps organizations block malicious code,
prevent the loss of confidential information and manage Internet and wireless
access.  For more information, visit www.websense.com.

    Websense and Websense Enterprise are registered trademarks of Websense, Inc.
in the
United States and certain international markets. Websense has numerous other
unregistered trademarks in the United States and internationally. All other
trademarks are the property of their respective owners.

    

MEDIA CONTACT:
Sarah Thornton
Websense, Inc.
858-320-9500
sthornton@websense.com

Copyright 2008, Market Wire, All rights reserved.

-0-