Storm Worm Continues to Evade Traditional Anti-Virus with Four Offensive Maneuvers, Commtouch Reports
02 February 2007 - 12:04AM
Business Wire
Four key offensive maneuvers virtually guarantee that Storm-Worm
will continue evading traditional anti-virus engines, according to
a report released today by Commtouch (Nasdaq:CTCH). The document,
Malware Outbreak Trend Report: Storm-Worm, details the
characteristics of the Storm-Worm, a server-side polymorphic
malware. Its four key tactics include: 1. High Distribution
Intensity: Storm-Worm attacks repeatedly in intense, high-volume
waves. This substantial quantity ensures a wide distribution of the
malware across the Internet. 2. Vast Variant Quantity: Storm
distributes a vast number of malware variants, over 7000 distinct
variants on several days of the outbreak, and over 40,000
altogether during the report period. Since each variant or group of
variants requires a different signature, it is impossible for
anti-virus engines to keep up with this rapid-fire pace. 3. Brief
Variant Lifetime: The fleeting lifetime of each variant is two to
three hours on average, and each variant rarely makes a second
appearance during the outbreak. Since it takes several hours to
develop a new signature or heuristic, and up to several days to
distribute to end-users, these short-lived variants are typically
out of distribution by the time traditional anti-virus defenses are
available. 4. Low Variant Volume: Each variant is distributed in
relatively small quantities or instances. Since an AV vendor must
be aware of a malware sample in order to analyze it in its
laboratory, distribution in low numbers often enables the malware
to �fly below the radar� of the traditional anti-virus engines.
�Each of these four characteristics alone is enough to make it
difficult for signature-based and heuristic anti-virus engines to
catch, but taken together they defeat the traditional AV engines
hands-down,� said Haggai Carmon, Commtouch Vice President of
Products. �Since this four-part strategy is so effective from the
virus-distributors� point of view, we expect it to continue
throughout 2007.� Storm-Worm was first detected on January 18, and
was informally named as such because early messages leveraged the
recent major European storm in its Subject line. Commtouch
Zero-Hour� Virus Outbreak Protection detects and blocks email-borne
malware outbreaks, like the Storm-Worm, within moments of their
appearance on the Internet. Leading messaging and AV vendors
license Commtouch technology to complement traditional AV
technologies. More information about server-side polymorphic
malware and other messaging threats will be shared at a panel
discussion in which Commtouch CEO Gideon Mantel will be
participating. The panel, �Zombie Trojans Throwing Spears: Coming
Soon to a Mailbox Near You,� will be held on Thursday, February 8
at 10:40 am PST, Gold Room 205, at the RSA Security Conference at
San Francisco�s Moscone Center (session code: DEF-303). The Malware
Outbreak Trends Report: Storm-Worm is available from the Commtouch
Virus Outbreak Detection Lab at:
http://www.commtouch.com/documents/Storm-Worm_MOTR.pdf. About
Commtouch Commtouch Software Ltd. (Nasdaq:CTCH) is dedicated to
protecting and preserving the integrity of the world's most
important communications tool -- email. Commtouch has over 16 years
of experience developing messaging software and is a global
developer and provider of proprietary anti-spam, Zero-Hour virus
protection and IP Reputation solutions. Using core technologies
including RPD (Recurrent Pattern Detection�), the Commtouch
Detection Center analyzes billions of email messages per month to
identify new spam and malware outbreaks within minutes of their
introduction into the Internet. Integrated by more than 50 OEM
partners, Commtouch technology protects thousands of organizations,
with over 50 million users in over 100 countries. Commtouch is
headquartered in Netanya, Israel, and has a subsidiary in Mountain
View, CA. For more information, see: www.commtouch.com, including
the Commtouch online lab detailing spam statistics and charts. This
press release contains forward-looking statements, including
projections about Commtouch business, within the meaning of Section
27A of the Securities Act of 1933 and Section 21E of the Securities
Exchange Act of 1934. For example, statements in the future tense,
and statements including words such as "expect," "plan,"
"estimate," "anticipate," or "believe" are forward-looking
statements. These statements are based on information available to
us at the time of the release; we assume no obligation to update
any of them. The statements in this release are not guarantees of
future performance and actual results could differ materially from
our current expectations as a result of numerous factors, including
business conditions and growth or deterioration in the Internet
market, commerce and the general economy, both domestic as well as
international; fewer than expected new-partner relationships;
competitive factors, including pricing pressures; technological
developments, and products offered by competitors; the ability of
our OEM partners to successfully penetrate markets with products
integrated with Commtouch technology; a slower than expected
acceptance rate for our newer product offerings; availability of
qualified staff for expansion; and technological difficulties and
resource constraints encountered in developing new products, as
well as those risks described in the text of this press release and
the company's Annual Reports on Form 20-F and reports on Form 6-K,
which are available through www.sec.gov. Recurrent Pattern
Detection, RPD and Zero-Hour are trademarks, and Commtouch is a
registered trademark, of Commtouch Software Ltd. U.S. Patent No.
6,330,590 is owned by Commtouch.
CYREN (NASDAQ:CYRN)
Historical Stock Chart
From Jun 2024 to Jul 2024
CYREN (NASDAQ:CYRN)
Historical Stock Chart
From Jul 2023 to Jul 2024