Commtouch and Proofpoint Report: Server-side Polymorphic Viruses Defeat Traditional AV Solutions

Real-time Malware Protection Reduces Enterprise Costs

Mountain View and Cupertino, Calif. – January 10, 2007 – Computer viruses, which grew progressively more virulent over the course of 2006, overwhelmed traditional Anti-Virus solutions according to the 2006 Email-borne Malware Review released today by Commtouch (Nasdaq: CTCH) and Proofpoint, Inc. New server-side polymorphic viruses that emerged during 2006 launched rapid burst attacks comprised of vast numbers of variants in order to circumvent common AV defenses.

“In 2006, a new distribution method for email-borne malware using massive numbers of short-lived and low-volume variants – as in the Stration/Warezov and ‘Happy New Year!’ virus attacks – turned every hour of an outbreak into a zero-hour,” said Haggai Carmon, Commtouch Vice President of Products. “Throughout 2006, we began seeing outbreaks with thousands of distinct variants being sent in successive, overlapping waves of attacks lasting for weeks or even months. The barrage of wave after wave of such attacks made it nearly impossible for traditional AV solutions to create and propagate new signatures or heuristics in time to protect end-users from the risk of infection. We expect these types of attacks to continue and worsen through 2007.”

In the past, copies of the same malicious code were mass-distributed in large quantities, with one or just a handful of overlapping variants per malware. But as AV solutions developed faster signature publishing mechanisms, malware writers changed their tactics to better exploit the “zero hour” vulnerability inherent in traditional anti-virus approaches. In the latest attacks, malware distributors develop huge numbers of distinct malware variants and unleash them simultaneously or in successive waves. With the arrival of this so-called “server-side polymorphic malware,” by the time a signature is released for one variant, that variant has stopped circulating and several new variants have been unleashed.

“Without real-time protection, enterprises leave themselves exposed to an unacceptable level of risk, because the cost of remediating malware infections can run as high as $500 per infected desktop,” said Rami Habal, Director of Product Marketing for Proofpoint. “When an organization is getting hammered with thousands of variants of each new virus, it’s crucial to block each new variant immediately to prevent serious losses.”

The Proofpoint Zero-Hour Anti-Virus™ module incorporates Commtouch Zero-Hour™ Virus Outbreak Protection to identify new virus activity and take preventive action at the earliest stages of a virus outbreak, keeping messaging systems safe until updated anti-virus signatures are available.

“We have been pleased to see that Proofpoint Zero-Hour Anti-Virus automatically quarantines so many different malware variants that would otherwise be missed by a purely signature-based AV engine,” said Peter Skibitzki, Network Security Officer for the Placer County Office of Education. “The zero hour protection provided by Proofpoint and Commtouch completely eliminates the risks posed by rapidly-mutating viruses such as the recent ‘Happy New Year!’ attack, saving us from a lot of security headaches and, more importantly, eliminating the potentially huge costs involved in cleaning up infections.”

Commtouch Zero-Hour™ Virus Outbreak Protection detects and blocks email-borne outbreaks – including server-side polymorphic malware – within moments of their release on the Internet. Powered by its Recurrent Pattern Detection™ technology, Commtouch’s Zero-Hour service is offered to messaging, security and anti-virus vendors for OEM integration as a complementary outbreak detection solution. Proofpoint has integrated Commtouch Zero-Hour Virus Outbreak Protection technology as part of an optional module for its Proofpoint Messaging Security Gateway™ appliance and Proofpoint Protection Server™ software solutions to ensure advanced email defense for its enterprise clients.

To access the 2006 Email-borne Malware Review, click:

http://www.commtouch.com/documents/2006_Email_Borne_Malware_Review.pdf

or
http://www.proofpoint.com/malware-report-2006

About Proofpoint

Proofpoint provides messaging security solutions for large enterprises to stop spam, protect against email viruses, ensure that outbound messages comply with both corporate policies and external regulations and prevent leaks of confidential information via email and other network protocols. The company's flagship products, the Proofpoint Messaging Security Gateway™ and Proofpoint Protection Server® provide future-proof messaging security using Proofpoint MLX™ technology, an advanced machine learning system developed by Proofpoint scientists and engineers. Proofpoint was founded by technology visionary and former CTO of Netscape Communications, Eric Hahn. The Cupertino, California-based company is funded by investors including Benchmark Capital, Bridgescale Partners, Inventures Group, JAFCO Ventures, Meritech Capital, Mohr, Davidow Ventures, and RRE Ventures. For more information, please visit http://www.proofpoint.com.

Proofpoint, Proofpoint Protection Server, Proofpoint Messaging Security Gateway and Proofpoint Zero-Hour Anti-Virus are trademarks, registered trademarks or licensed trademarks of Proofpoint, Inc. All other trademarks contained herein are the property of their respective owners.

About Commtouch

Commtouch Software Ltd. (NASDAQ: CTCH) is dedicated to protecting and preserving the integrity of the world's most important communications tool -- e-mail. Commtouch has over 16 years of experience developing messaging software and is a global developer and provider of proprietary anti-spam and Zero-Hour virus protection solutions. Using core technologies including RPD (Recurrent Pattern Detection™), the Commtouch Detection Center analyzes billions of email messages per week to identify new spam and malware outbreaks within minutes of their introduction into the Internet. Integrated by more than 50 OEM partners, Commtouch technology protects thousands of organizations, with hundreds of millions of users in over 100 countries. Commtouch is headquartered in Netanya, Israel, and has a subsidiary in Mountain View, Calif. For more information, see: www.commtouch.com. The site includes the Commtouch online lab detailing spam statistics and charts.

Recurrent Pattern Detection, RPD and Zero-Hour are trademarks, and Commtouch is a registered trademark, of Commtouch Software Ltd. U.S. Patent No. 6,330,590 is owned by Commtouch.

Contacts:

Commtouch Software Ltd.
Rebecca Steinberg Herson
US: 650-864-2112
Int’l: +972-9-863-6877
rebeccah@commtouch.com

Proofpoint, Inc.
Chris Conti
Davies Murphy Group for Proofpoint
781-418-2432
pr@proofpoint.com