Mountain View, Calif. – January 1, 2007 – Spraying across the Internet in celebratory viral “confetti,” the email-borne “Happy New Year!” malware outbreak circumvents many leading signature-based AV solutions, Commtouch (Nasdaq: CTCH) reported.
The ‘Happy New Year!’ malware attack – which is still in progress – is the most intensive outbreak of 2006, since it comprises a staggering number of distinct, low-volume variants that were released from multiple sources simultaneously and at short time intervals.
“This outbreak ushered out 2006 with a bang, while loudly forewarning the nature of viral outbreaks in 2007,” said Haggai Carmon, Commtouch Vice President of Products. “During 2006, a growing number of massive server-side polymorphic outbreaks swarmed the Internet and successfully maintained a sizable lead of several hours to weeks ahead of traditional signature-based solutions. Examples of these include Feebs, Stration/Warezov and of course the ‘Happy New Year!’ malware to name just a few. What makes them so unique,” Carmon continued, “is that they are released in a large number of distinct and short-lived variants, making it impossible to generate one signature or heuristic rule to effectively protect against them. In this way, malware writers maximize their chances of infecting the largest number of machines.”
Commtouch identified and blocked 3,262 distinct variants during the first 65 hours of ‘Happy New Year!’ malware activity, and there were at least three time periods on Friday, December 29, when the malware accounted for nearly 12% of all global Internet email traffic. On Friday Commtouch tracked 842 distinct variants that were released to the Internet during a single five-minute period.
“We expect this trend to continue to grow in 2007, since server-side polymorphic outbreaks have become the most effective method to infiltrate through existing defenses,” Haggai Carmon summarized. “Events like the New Year’s holiday force virus writers to concentrate their massive outbreaks in a short period of time. Other outbreaks like the Stration/Warezov attack can afford to stretch on for months, releasing recurrent waves of mass-variants each time.”
The malware has been sent from multiple sources in a format that appears to be a New Year’s greeting, in order to entice users to open and click on the attachment. Subject lines of the messages include “Happy New Year!” and “Happy 2007!”, and sample attachment filenames are postcard.txt, postcard.exe, or greeting card.txt. If a user opens the attached file, the malware attempts to shut down the PC’s security programs, scans for e-mail addresses to send out copies of itself, and installs various malicious programs that, among other things, turn the computer into a spam zombie.
Commtouch Zero-Hour™ Virus Outbreak Protection detects and blocks email-borne outbreaks like the “Happy New Year” malware within moments of their release, powered by its Recurrent Pattern Detection™ technology. Commtouch’s service is offered to messaging, security and anti-virus vendors for OEM integration as a complementary outbreak detection solution.
About Commtouch
Commtouch Software Ltd. (NASDAQ: CTCH) is dedicated to protecting and preserving the integrity of the world's most important communications tool -- email. Commtouch has over 15 years of experience developing messaging software and is a global developer and provider of proprietary anti-spam, Zero-Hour virus protection and IP Reputation solutions. Using core technologies including RPD (Recurrent Pattern Detection™), the Commtouch Detection Center analyzes billions of email messages per month to identify new spam and malware outbreaks within minutes of their introduction into the Internet. Integrated by more than 50 OEM partners, Commtouch technology protects thousands of organizations, with over 50 million users in over 100 countries. Commtouch is headquartered in Netanya, Israel, and has a subsidiary in Mountain View, CA. For more information, see: www.commtouch.com, including the Commtouch online lab detailing spam statistics and charts.
Contact:
Rebecca Steinberg Herson
650-864-2112
Int’l: +972-9-863-6877
rebeccah@commtouch.com