Storm Worm Continues to Evade Traditional Anti-Virus with Four Offensive Maneuvers, Commtouch Reports

Mountain View, CA – February 1, 2007 – Four key offensive maneuvers virtually guarantee that Storm-Worm will continue evading traditional anti-virus engines, according to a report released today by Commtouch (Nasdaq: CTCH).

The document, Malware Outbreak Trend Report: Storm-Worm, details the characteristics of the Storm-Worm, a server-side polymorphic malware. Its four key tactics include:

  1. High Distribution Intensity: Storm-Worm attacks repeatedly in intense, high-volume waves. This substantial quantity ensures a wide distribution of the malware across the Internet.
  2. Vast Variant Quantity: Storm distributes a vast number of malware variants, over 7000 distinct variants on several days of the outbreak, and over 40,000 altogether during the report period. Since each variant or group of variants requires a different signature, it is impossible for anti-virus engines to keep up with this rapid-fire pace.
  3. Brief Variant Lifetime: The fleeting lifetime of each variant is two to three hours on average, and each variant rarely makes a second appearance during the outbreak. Since it takes several hours to develop a new signature or heuristic, and up to several days to distribute to end-users, these short-lived variants are typically out of distribution by the time traditional anti-virus defenses are available.
  4. Low Variant Volume: Each variant is distributed in relatively small quantities or instances. Since an AV vendor must be aware of a malware sample in order to analyze it in its laboratory, distribution in low numbers often enables the malware to “fly below the radar” of the traditional anti-virus engines.

“Each of these four characteristics alone is enough to make it difficult for signature-based and heuristic anti-virus engines to catch, but taken together they defeat the traditional AV engines hands-down,” said Haggai Carmon, Commtouch Vice President of Products. “Since this four-part strategy is so effective from the virus-distributors’ point of view, we expect it to continue throughout 2007.”

Storm-Worm was first detected on January 18, and was informally given that name because its early messages leveraged the recent major European storm in their Subject lines.

Commtouch Zero-Hour™ Virus Outbreak Protection detects and blocks email-borne malware outbreaks, like the Storm-Worm, within moments of their appearance on the Internet. Leading messaging and AV vendors license Commtouch technology to complement traditional AV technologies.

More information about server-side polymorphic malware and other messaging threats will be shared at a panel discussion in which Commtouch CEO Gideon Mantel will be participating. The panel, “Zombie Trojans Throwing Spears: Coming Soon to a Mailbox Near You,” will be held on Thursday, February 8 at 10:40 am PST, Gold Room 205, at the RSA Security Conference at San Francisco’s Moscone Center (session code: DEF-303).

The Malware Outbreak Trends Report: Storm-Worm is available from the Commtouch Virus Outbreak Detection Lab at: http://www.commtouch.com/documents/Storm-Worm_MOTR.pdf

About Commtouch

Commtouch Software Ltd. (NASDAQ: CTCH) is dedicated to protecting and preserving the integrity of the world's most important communications tool -- e-mail. Commtouch has over 16 years of experience developing messaging software and is a global developer and provider of proprietary anti-spam and Zero-Hour virus protection solutions. Using core technologies including RPD (Recurrent Pattern Detection™), the Commtouch Detection Center analyzes billions of email messages per week to identify new spam and malware outbreaks within minutes of their introduction into the Internet. Integrated by more than 50 OEM partners, Commtouch technology protects thousands of organizations, with hundreds of millions of users in over 100 countries. Commtouch is headquartered in Netanya, Israel, and has a subsidiary in Mountain View, Calif. For more information, see: www.commtouch.com. The site includes the Commtouch online lab detailing spam statistics and charts.

Contact:
Rebecca Steinberg Herson
US: 650-864-2112
Int’l: +972-9-863-6877
rebeccah@commtouch.com