SOURCE: Websense, Inc.

April 23, 2008 16:10 ET

Websense Discovers Thousands of Legitimate Web Sites Including the United Nations Site Compromised in Massive Javascript Attack

Group That Compromised the 2007 Dolphin Stadium Super Bowl Web Site May Be Responsible for Current Attack

SAN DIEGO, CA--(Marketwire - April 23, 2008) - Highlighting the need for adaptive, real-time Web security, Websense, Inc. (NASDAQ: WBSN) today announced that the Websense® Security Labs™ researchers were the first to discover that hundreds of thousands of legitimate Web sites with "good" reputations, including some United Nations and UK Government Web sites, have been compromised with a massive Javascript injection attack aimed at stealing user information. Websense Web security customers and their essential information were immediately protected.

This attack method highlights a growing number of attacks that take advantage of the flaws in traditional security that relies on signatures and Web reputation to protect customers. By infecting hundreds of thousands of well-trafficked, well known Web sites simultaneously, attackers only need a window of a few hours to get a large number of potential victims. Web users and organizations without real-time protection are vulnerable. Websense, with its global Websense ThreatSeeker™ Network, which includes the world's first Internet "HoneyGrid" that discovers and analyzes billions of disparate pieces of Internet content every day, rapidly identifies newly infected sites as they are compromised and often even before they are compromised, protecting customers and their essential information in real-time.

This well-orchestrated, widespread attack appears to be from the same group that launched a similar one in March 2008 in which tens of thousands of well known Web sites were infected with malicious links, and due to noted similarities in attack method, the group may be connected to the Dolphin Stadium Super Bowl compromise of 2007. In the current attack, in addition to the thousands of new Web sites that have been targeted, the group is also using previously compromised Web sites from the March attack that have not been cleaned to host the malicious code.

"This attack seeks to exploit users who trust that their favorite, legitimate Web sites are safe," said Dan Hubbard, vice president of security research, Websense. "Unfortunately, we believe that attacks that target popular Web sites -- those with the most unique visitors -- will be on the rise. In this rapidly changing threat environment, organizations must have Web security that can adapt to threats in real-time."

The Websense ThreatSeeker Network adaptive security technologies and processes are designed to continuously monitor the Internet for changes and emerging threats. The resulting intelligence is immediately incorporated into the company's Web security, email security and data loss prevention solutions. As a result, Websense is able to adapt to the rapidly changing Internet at speeds not possible by traditional security solutions and basic Web filtering solutions.

Details of the threats Websense recently discovered can be accessed on the Websense Security Labs Web site at

About Websense, Inc.

Websense, Inc. (NASDAQ: WBSN), a global leader in integrated Web, messaging and data protection technologies, provides Essential Information Protection™ for more than 42 million employees at more than 50,000 organizations worldwide. Distributed through its global network of channel partners, Websense software and hosted security solutions help organizations block malicious code, prevent the loss of confidential information and enforce Internet use and security policies. For more information, visit

Websense and Websense Enterprise are registered trademarks of Websense, Inc. in the United States and certain international markets. Websense has numerous other unregistered trademarks in the United States and internationally. All other trademarks are the property of their respective owners.

Contact Information