CYRN CYREN Ltd

Four key offensive maneuvers virtually guarantee that Storm-Worm will continue evading traditional anti-virus engines, according to a report released today by Commtouch (Nasdaq:CTCH). The document, Malware Outbreak Trend Report: Storm-Worm, details the characteristics of the Storm-Worm, a server-side polymorphic malware. Its four key tactics include: 1. High Distribution Intensity: Storm-Worm attacks repeatedly in intense, high-volume waves. This substantial quantity ensures a wide distribution of the malware across the Internet. 2. Vast Variant Quantity: Storm distributes a vast number of malware variants, over 7000 distinct variants on several days of the outbreak, and over 40,000 altogether during the report period. Since each variant or group of variants requires a different signature, it is impossible for anti-virus engines to keep up with this rapid-fire pace. 3. Brief Variant Lifetime: The fleeting lifetime of each variant is two to three hours on average, and each variant rarely makes a second appearance during the outbreak. Since it takes several hours to develop a new signature or heuristic, and up to several days to distribute to end-users, these short-lived variants are typically out of distribution by the time traditional anti-virus defenses are available. 4. Low Variant Volume: Each variant is distributed in relatively small quantities or instances. Since an AV vendor must be aware of a malware sample in order to analyze it in its laboratory, distribution in low numbers often enables the malware to �fly below the radar� of the traditional anti-virus engines. �Each of these four characteristics alone is enough to make it difficult for signature-based and heuristic anti-virus engines to catch, but taken together they defeat the traditional AV engines hands-down,� said Haggai Carmon, Commtouch Vice President of Products. �Since this four-part strategy is so effective from the virus-distributors� point of view, we expect it to continue throughout 2007.� Storm-Worm was first detected on January 18, and was informally named as such because early messages leveraged the recent major European storm in its Subject line. Commtouch Zero-Hour� Virus Outbreak Protection detects and blocks email-borne malware outbreaks, like the Storm-Worm, within moments of their appearance on the Internet. Leading messaging and AV vendors license Commtouch technology to complement traditional AV technologies. More information about server-side polymorphic malware and other messaging threats will be shared at a panel discussion in which Commtouch CEO Gideon Mantel will be participating. The panel, �Zombie Trojans Throwing Spears: Coming Soon to a Mailbox Near You,� will be held on Thursday, February 8 at 10:40 am PST, Gold Room 205, at the RSA Security Conference at San Francisco�s Moscone Center (session code: DEF-303). The Malware Outbreak Trends Report: Storm-Worm is available from the Commtouch Virus Outbreak Detection Lab at: http://www.commtouch.com/documents/Storm-Worm_MOTR.pdf. About Commtouch Commtouch Software Ltd. (Nasdaq:CTCH) is dedicated to protecting and preserving the integrity of the world's most important communications tool -- email. Commtouch has over 16 years of experience developing messaging software and is a global developer and provider of proprietary anti-spam, Zero-Hour virus protection and IP Reputation solutions. Using core technologies including RPD (Recurrent Pattern Detection�), the Commtouch Detection Center analyzes billions of email messages per month to identify new spam and malware outbreaks within minutes of their introduction into the Internet. Integrated by more than 50 OEM partners, Commtouch technology protects thousands of organizations, with over 50 million users in over 100 countries. Commtouch is headquartered in Netanya, Israel, and has a subsidiary in Mountain View, CA. For more information, see: www.commtouch.com, including the Commtouch online lab detailing spam statistics and charts. This press release contains forward-looking statements, including projections about Commtouch business, within the meaning of Section 27A of the Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934. For example, statements in the future tense, and statements including words such as "expect," "plan," "estimate," "anticipate," or "believe" are forward-looking statements. These statements are based on information available to us at the time of the release; we assume no obligation to update any of them. The statements in this release are not guarantees of future performance and actual results could differ materially from our current expectations as a result of numerous factors, including business conditions and growth or deterioration in the Internet market, commerce and the general economy, both domestic as well as international; fewer than expected new-partner relationships; competitive factors, including pricing pressures; technological developments, and products offered by competitors; the ability of our OEM partners to successfully penetrate markets with products integrated with Commtouch technology; a slower than expected acceptance rate for our newer product offerings; availability of qualified staff for expansion; and technological difficulties and resource constraints encountered in developing new products, as well as those risks described in the text of this press release and the company's Annual Reports on Form 20-F and reports on Form 6-K, which are available through www.sec.gov. Recurrent Pattern Detection, RPD and Zero-Hour are trademarks, and Commtouch is a registered trademark, of Commtouch Software Ltd. U.S. Patent No. 6,330,590 is owned by Commtouch.