Skip navigation
Skip navigation
You are using an outdated browser. Please upgrade your browser.

Leading Provider of SaaS Web Security Reports That SQL Injection Attacks Fuel Compromises; Password Stealers and Backdoor Trojans Most Commonly Blocked Malware

LONDON and SAN MATEO, Calif. — July 16, 2008 — ScanSafe, the pioneer and leading provider of SaaS (Software-as-a-Service) Web Security found that en masse compromises of legitimate websites exploded in June, accounting for 66 percent of all malware it blocked and contributing to a 278 percent increase in Web-based malware for the first half of the year.

“The mass compromise of websites poses particular challenge to corporate users,” said Mary Landesman, senior security researcher, ScanSafe. “The impacted websites are typically known, legitimate, and trusted sites with a business purpose. These are sites that users visit frequently and the attacks are so stealthy and unobtrusive, that most visitors don’t know that they’ve been infected.”

According to the latest ScanSafe Global Threat Report:

1. Malware Increases 278 Percent: Web-based malware increased 278 percent as more and more legitimate sites including Wal-Mart, Business Week, Ralph Lauren Home and Race for Life were compromised. This widespread compromise of legitimate websites was largely the result of automated attack tools which became freely availably in the last months of 2007.

2. SQL Injection Attacks Outpace Other Attacks by 212 Percent: SQL injection attacks, an exploit in which the attacker adds Structured Query Language (SQL) code to a Web form input box to gain access to resources or make changes to data, have rapidly become the most common form of website compromise, outpacing all other types of compromise by 212 percent. In June, SQL injection attacks accounted for 76 percent of all compromised sites.

3. Password Stealers and Backdoor Trojans Most Commonly Blocked Malware—Putting Corporate Data at Risk: Most of the compromises attempt to install password stealers and backdoor Trojans. This category of malware increased from 4 percent of malware in January to 27 percent in June.

The ScanSafe Global Threat Report is a study of the more than 60 billion Web requests it scanned and 600 million Web threats it blocked from January through June 2008 on behalf of corporate customers in more than 60 countries across five continents. It represents the world’s largest security analysis of real-world corporate Web traffic. A full copy of the report is available at

About ScanSafe

ScanSafe is the largest global provider of SaaS Web Security, ensuring a safe and productive Internet environment for businesses. ScanSafe solutions keep viruses and spyware off corporate networks and allow businesses to control and secure the use of the Web and instant messaging. As a fully managed service, ScanSafe's solutions require no hardware, upfront capital costs or maintenance and provide unparalleled real-time threat protection. Powered by its proactive, multilayered Outbreak Intelligence TM threat detection technology, ScanSafe scans more than 10 billion Web requests and blocks 100 million threats each month for customers in over 60 countries.

With offices in London and San Mateo, California, ScanSafe is privately owned and financed by Benchmark Capital and Scale Venture Partners. The company received a 2007 CODiE award for Best Software as a Service Solution, the 2008 and 2007 SC Magazine Europe Award for Best Content Security Solution and was named one of Red Herring’s Top 100 Technology companies.

For more information, visit

Media Contacts:

Susie Bailey
Office: +44 (0) 20 7959 0630
Mobile: +44 (0) 7875 360 437


This press release was distributed by ResponseSource Press Release Wire on behalf of ScanSafe Ltd in the following categories: Consumer Technology, Business & Finance, Computing & Telecoms, for more information visit