CYRN CYREN Ltd

Attacks of image-based spam intensified in the second quarter of 2006, comprising 30 per cent of global spam on a single day, Commtouch (NASDAQ:CTCH) reports. On days when image-based spam achieves such a distribution peak, the global bandwidth and storage consumed by spam grows by more than 70 per cent. "Image-based spam may quickly cause IT resource overload if not dealt with properly," said Dan Yachin, Research Director EMEA Emerging Technologies at IDC, a leading analyst firm. "While textual spam messages cause loss of productivity, image spam messages that are three times their size are a whole different ball game, causing a real bandwidth and storage crisis." The cost of storage becomes a crucial factor for large organizations that save all of their email, especially in the age of the Sarbanes-Oxley Act and HIPAA compliance. For companies that do not block image-based spam at the perimeter, these bloated messages are often archived along with legitimate business email. Image-based spam weighs in at an average of 18 KB, more than three times the size of standard spam which averages 5.5 KB. Image Spam Distribution: Comprising 30% of Global Spam Image-based spam is a relatively new phenomenon, which commenced in the third quarter of 2005. It consists of images only, each of which contains tiny randomized changes to fool most anti-spam filters; in addition, since these email messages contain no text or URL hyperlinks, they are a challenge for many anti-spam engines to block. Commtouch was one of the first vendors to publicize a solution for blocking image-based spam, known as "Image Spam Defense." Commtouch's Recurrent Pattern Detection(TM) technology blocks spam without regard to the content of the message. During the last half of Q2, image-based spam reached distribution peaks around every two weeks, and diminished to just a fraction of a percent of global spam during the troughs in between. For example, on May 29, image-based spam was 30% of all global spam, and on June 3 it was a negligible percent of global spam. Commtouch calculated the following percentages of increased bandwidth and storage necessary for spam, for the three latest image-spam peaks in Q2: -0- *T Date Image Spam as Estimated percent of Bandwidth Global Spam and Storage Increase ------------------- ------------------- --------------- May 29, 2006 30% 70% ------------------- ------------------- --------------- June 10, 2006 22% 50% ------------------- ------------------- --------------- June 24, 2006 15% 35% ------------------- ------------------- --------------- *T While the majority of image-based spam deals with US-based penny stocks in traditional "pump-and-dump" scams, the messages are distributed from all over the world by vast "zombie" networks. Zombies or botnets are typically home computers that have unknowingly been hijacked for the use of spammers. End-users may not be aware that their computer is being used as a pawn in the spam war, since the zombie only activates itself at times when the user is not operating the computer. Spam-sending zombie software can install itself on a computer when a user clicks a hyperlink in a spam email, or opens a malicious email attachment. "Our customers are pleased with Commtouch's Image Spam Defense, which is integrated into our Mailstream Manager," said Bernard Fraenkel, VP Engineering at Sendmail, a Commtouch OEM partner. "While other companies' employees complain about their inboxes overflowing with heavy, annoying stock scams, our customers' users are not even aware that an image-based spam attack took place." Virus Trends: Rapid Attacks of Multiple Virus Variants While the first quarter of 2006 was characterized by wave after wave of high intensity, massive email borne virus attacks, the second quarter reflected a different pattern: rapid attacks of multiple variations of the same virus. Commtouch analysis has revealed that during Q2, email malware writers have been distributing a growing number of variants for each virus outbreak, all within a very short period of time. Such a distribution pattern of multiple versions of the same virus family ensures maximum evasion of signature-based or traditional anti-virus engines. "Traditional AV solutions are powerless to catch every variant of every virus family," said Amir Lev, CTO of Commtouch. "Even if they catch the majority of viruses, some hazardous variations can still penetrate if they do not exactly match the heuristic rules set up to catch that virus family." Commtouch's approach complements traditional, signature-based anti-virus technology, and differs thoroughly in its method for blocking viruses. Rather than trying to detect viral signatures, Commtouch's RPD technology blocks viruses almost immediately after they are distributed, based on identifying their distribution patterns. Commtouch's Zero Hour(TM) Virus Protection OEM solution has been adopted and implemented by leading AV vendors, including F-Secure, Mirapoint, Tumbleweed, G-Data, and AhnLab in Korea. To download a chart comparing the times various traditional AV vendors caught particular virus variants, see www.commtouch.com/viruscharts/June2006. Q2 2006: Major Spam Categories & Countries Based on Commtouch's ongoing analysis of billions of spam messages per month, at the end of the second quarter, the major categories of spam were: -0- *T Spam Category Percent of all global spam ------------------- --------------- Pharmaceuticals 32% ------------------- --------------- Gifts 21% ------------------- --------------- Finance/Mortgage 11% ------------------- --------------- Pornography 9% ------------------- --------------- Enhancers 7% ------------------- --------------- *T Leading countries for spam-origination were: -0- *T Country Percentage of spam originating -------------------- -------------- United States 43.09% -------------------- -------------- China 10.17% -------------------- -------------- Republic of Korea 3.83% -------------------- -------------- Germany 3.49% -------------------- -------------- Japan 3.10% -------------------- -------------- *T Commtouch publishes regular spam and virus trend reports based on email distribution patterns gleaned from its global Detection Centers' analysis of over 2 billion messages per month. About Commtouch Commtouch Software Ltd. (NASDAQ:CTCH) is dedicated to protecting and preserving the integrity of the world's most important communications tool -- email. Commtouch has over 15 years of experience developing messaging software and is a global developer and provider of proprietary anti-spam and Zero-Hour virus protection solutions. Using core technologies including RPD (Recurrent Pattern Detection(TM)), the Commtouch Detection Center analyzes billions of email messages per month to identify new spam and malware outbreaks within minutes of their introduction into the Internet. Integrated by more than 40 OEM partners, Commtouch technology protects thousands of organizations, with over 35 million users in over 100 countries. Commtouch is headquartered in Netanya, Israel, and has a subsidiary in Mountain View, CA. For more information, see: www.commtouch.com, including the Commtouch online lab detailing spam statistics and charts. About Sendmail Sendmail, Inc. is a global provider of enterprise solutions for secure, dependable, and compliant messaging. Sendmail solutions help organizations eliminate unwanted messages, effectively manage their mail stream, and address regulatory compliance and corporate governance requirements. Customers across 33 countries and the majority of the Fortune 1000, rely on Sendmail for their end-to-end email security and infrastructure needs: gateway security, secure routing, policy management, internal and outbound mail management, quarantine, and email access and storage. Sendmail is headquartered in Emeryville, CA, with offices and distributors in Europe, Asia, North and South America. Visit www.sendmail.com or call 1-87-SENDMAIL.