ScanSafe Claims Nine Ball Assault a Sheer Propaganda

Security vendor ScanSafe has blasted its rival Websense for apparently exaggerating the alleged "Nine Ball" bulk website hijacking, it recently declared during the 3rd week of June 2009.

According to Websense, the Nine Ball attack tried to infect end-users with keyloggers and trojans and compromised 40,000 websites while ScanSafe said that Websense was hugely exaggerating the issue for, actually there was hardly any existence of Nine Ball.

The security specialists stated that compromise of 40,000 websites represented an extreme scale of an attack, but according to ScanSafe, the figure was mystifying.

Stated Senior Security Researcher Mary Landesman at ScanSafe that her organization was slightly astonished at how the so-called huge attack managed to bypass its sentries. TechWorld published this on June 19, 2009.

Landesman said that after her company's experts carefully analyzed the attack, it became evident as to why it didn't dodge their alert sensors. They found that the attack was nearly non-existent and could be more appropriately called "Scratch Ball." According to Landesman, the attack was so low-numbered that it wasn't one they would spend time on investigating. She said that since June 15, 2009, the aggregate number of search queries for websites related to the attack was only 333.

Based on that figure, the aggregate number of hijacked sites actually turns out an unimpressive 62, ScanSafe's specialists estimated.

Moreover, says Landesman that just one among all the hijacked domains in the attack appears within the 'Alexa' website, featuring 10,000 most frequented websites, while the remaining 61 feature very less a number down the list, implying that the number of visitors to these websites too would be few. Landesman added that from her company's perspective, 333 queries in connection with 62 hijacked sites wasn't really something that could be labeled a 'huge attack.'

Thus, according to her, the explanation for Websense's estimate of 40,000 websites could possibly be in the different methods of data collection by the two organizations. While ScanSafe referred to proxy visitors, both incoming and outgoing from real servers, Websense probably relied on web crawling, an incorrect technique that extrapolated to a wide Internet from a restricted sample.

Related article: Scansafe Claims that Malware Grew by 35% in April

» SPAMfighter News - 7/1/2009