Web threats are any threat that uses the Web to do bad and unwanted things. They use the Internet to perform malicious and often self-perpetuating activities and typically consist of one or more malicious programs that are installed on a user's computer without their knowledge, permission or understanding when the user accesses the Internet.

Often these threats may either be invisible or seem benign to the user, but when activated individually or in combination can steal confidential information off the user's computer or use the computer's resources without the user's knowledge or permission. The study tracked responses from 1600 corporate computer end users across US, UK, Germany and Japan. The study results indicated that worldwide, roughly half of the respondents (54 percent) are aware of Web threats. Awareness of Web threats is highest in Germany (63 percent), followed by UK (57 percent) and US (54 percent), and lowest in Japan (43 percent). The low awareness of Web threats in Japan could be due to the fact that the phrase is difficult to translate into Japanese and is not often used.

Web threats are more pervasive today and are the fastest-growing threat vector. They are more sophisticated, comprise multiple components, and leverage the Web to update, hide, communicate and transmit stolen information. With hackers becoming more organized and increasingly motivated by profit, criminal opportunity is greater than ever. According to the results of the Trend Micro study, Web threats ranks as the third most serious computer security threat following viruses and trojans. It is considered to be more serious than pharming, phishing and spam.

Respondents in all countries are most likely to associate Web threats with malicious activities (59 percent) and secondarily with the propagation aspects of the Web threats definition (installation without the user's knowledge (47 percent) and delivery via the Internet (44 percent)). However, German respondents are most likely to identify these aspects of Web threats. For example, 75 percent of German respondents correctly associate Web threats with malicious activities as compared to 49 percent of respondents from UK.

Other noteworthy findings include:

- No single fear or concern dominates in terms of Web threats. German respondents are most familiar with Web threats and are also most likely to express concerns about Web threats. For example, 53 percent of the German respondents are concerned about malicious downloads related to Web threats, as compared to 40 percent of the respondents from UK.

- Respondents indicated that the installation (57 percent) and use (54 percent) of security software are the most common actions taken toprotect against Web threats. US respondents are also likely to become more selective and cautious with the Web sites they visit (51 percent). German respondents are also likely to pay more attention to incoming emails (51 percent).

- Awareness of Web threats is higher in small companies than in larger companies in UK (60 percent vs. 53 percent) and Germany (66 percent vs. 59 percent). However, in Japan, the awareness of Web threats is significantly higher in large companies (48 percent) vs. small companies (37 percent). Organizational size has little influence on the awareness of Web threats in US.

Motivated by the lure of profits from the sale of stolen confidential information, malware writers today are shifting to the Web as the medium of their malicious activities. "Characterized by blended techniques, an explosion of variants, and targeted and regional attacks, Web threats pose a broad range of potential costs to consumers and businesses, including identity theft, loss of confidential corporate information, damaged brand reputation, and loss of consumer confidence in Web commerce," said Raimund Genes, Trend Micro CTO
for anti-malware. "It is good to see awareness for these insidious threats finally increasing. The pervasive use of the Web and the complexity of protecting against Web threats have begun to combine, forming perhaps the greatest challenge to protecting the privacy of personal information and the confidentiality of corporate information in a decade."