Tabloid-Style Headlines Lure Users in "Storm" Worm Attack, Commtouch Reports
January 22 2007 - 6:42AM
Business Wire
Malware writers have been at it again, this time infecting inboxes
with tabloid-style Subject lines like "230 dead as storm batters
Europe" and "First nuclear act of terrorism!", Commtouch (Nasdaq:
CTCH) reported today.

"We expect an escalation in spam post-Storm," predicts Commtouch CTO
Amir Lev. "The malware is distributed to set up a network of infected
zombie computers, which can then be used to launch massive spam
campaigns."

By creating Subject lines that sound just plausible enough, like
"hugo chavez dead," and attachments with names like "full clip.exe"
and "read more.exe," malware writers are able to lure unwary
recipients into clicking on an executable file attached to an email
message, using a technique known as social engineering.

The "Storm" worm, named as such because it leveraged the major
European storm in its subject line, contains a staggering number of
distinct, low-volume variants, which were released from multiple
sources simultaneously and successively, and at short time intervals.
This outbreak seems to follow the trend developed in 2006 with
malware such as Stration/Warezov, Feebs, Scanio, Tibs/Nuwar, and
others.

"In
addition to using Subject lines based on current events, this
server-side polymorphic worm consists of thousands of distinct
variants, ranging from just a few instances (copies of the same
code in recurrent messages), to very high volumes of instances per
variant," said Haggai Carmon, Commtouch Vice President of Products.
"By distributing so many variants simultaneously, the malware
distributors overwhelm signature-based anti-virus engines,
effectively guaranteeing that they will not block them."

Commtouch identified and blocked over 5,000 distinct variants during
the first four days of the "Storm" worm activity, and there were time
periods during those days when the malware accounted for nearly 17%
of all global Internet email traffic.

"Malware writers know they
have limited time before an AV signature or heuristic will be
created to block any mass-distributed malware, so they break the
outbreak into thousands of variants and distribute in smaller
numbers of instances to maximize infection," Carmon said. "Once AV
engines battled to get a signature out within the first few hours
of the outbreak, now the hard truth is that even these signatures
are now becoming ineffective to protect against the first wave of
each new variant. In the time it takes to write and distribute each
new signature, thousands of newer variants are launched against
which the signature does not protect."

Commtouch Zero-Hour™ Virus Outbreak Protection detects and blocks
email-borne outbreaks like the "Storm" malware in real-time, powered
by its Recurrent Pattern Detection™ technology. Commtouch's service
is offered to messaging, security and anti-virus vendors for OEM
integration as a complementary outbreak detection solution.

About Commtouch

Commtouch Software Ltd. (Nasdaq: CTCH) is dedicated to protecting
and preserving the integrity of the world's most important
communications tool -- email. Commtouch has over 15 years of
experience developing messaging software and is a global developer
and provider of proprietary anti-spam, Zero-Hour virus protection
and IP Reputation solutions. Using core technologies including RPD
(Recurrent Pattern Detection™), the Commtouch Detection Center
analyzes billions of email messages per month to identify new spam
and malware outbreaks within minutes of their introduction into the
Internet. Integrated by more than 50 OEM partners, Commtouch
technology protects thousands of organizations, with over 50
million users in over 100 countries. Commtouch is headquartered in
Netanya, Israel, and has a subsidiary in Mountain View, CA. For
more information, see: www.commtouch.com, including the Commtouch
online lab detailing spam statistics and charts.

This press release
contains forward-looking statements, including projections about
Commtouch business, within the meaning of Section 27A of the
Securities Act of 1933 and Section 21E of the Securities Exchange
Act of 1934. For example, statements in the future tense, and
statements including words such as "expect," "plan," "estimate,"
"anticipate," or "believe" are forward-looking statements. These
statements are based on information available to us at the time of
the release; we assume no obligation to update any of them. The
statements in this release are not guarantees of future performance
and actual results could differ materially from our current
expectations as a result of numerous factors, including business
conditions and growth or deterioration in the Internet market,
commerce and the general economy, both domestic as well as
international; fewer than expected new-partner relationships;
competitive factors, including pricing pressures; technological
developments, and products offered by competitors; the ability of
our OEM partners to successfully penetrate markets with products
integrated with Commtouch technology; a slower than expected
acceptance rate for our newer product offerings; availability of
qualified staff for expansion; and technological difficulties and
resource constraints encountered in developing new products, as
well as those risks described in the text of this press release and
the company's Annual Reports on Form 20-F and reports on Form 6-K,
which are available through www.sec.gov.

Recurrent Pattern Detection, RPD and Zero-Hour are trademarks, and
Commtouch is a registered trademark, of Commtouch Software Ltd. U.S.
Patent No. 6,330,590 is owned by Commtouch.