CYRN CYREN Ltd

Malware writers have been at it again, this time infecting inboxes with tabloid-style Subject lines like �230 dead as storm batters Europe� and �First nuclear act of terrorism!� Commtouch (Nasdaq: CTCH) reported today. �We expect an escalation in spam post-Storm,� predicts Commtouch CTO Amir Lev. �The malware is distributed to set up a network of infected zombie computers, which can then be used to launch massive spam campaigns.� By creating Subject lines that sound just plausible enough like, �hugo chavez dead� and attachments with names like �full clip.exe� and �read more.exe,� malware writers are able to lure unwary recipients into clicking on an executable file attached to an email message, using a technique known as social engineering. The �Storm� worm � named as such because it leveraged the major European storm in its subject line � contains a staggering number of distinct, low-volume variants, which were released from multiple sources simultaneously and successively, and at short time intervals. This outbreak seems to follow the trend developed in 2006 with malwares such as Stration/Warezov, Feebs, Scanio, Tibs/Nuwar, and others. �In addition to using Subject lines based on current events, this server-side polymorphic worm consists of thousands of distinct variants, ranging from just a few instances (copies of the same code in recurrent messages), to very high volumes of instances per variant,� said Haggai Carmon, Commtouch Vice President of Products. �By distributing so many variants simultaneously, the malware distributors overwhelm signature-based anti-virus engines, effectively guaranteeing that they will not block them.� Commtouch identified and blocked over 5,000 distinct variants during the first four days of the �Storm� worm activity, and there were time periods during those days when the malware accounted for nearly 17% of all global Internet email traffic. �Malware writers know they have limited time before an AV signature or heuristic will be created to block any mass-distributed malware, so they break the outbreak into thousands of variants and distribute in smaller numbers of instances to maximize infection,� Carmon said. �Once AV engines battled to get a signature out within the first few hours of the outbreak, now the hard truth is that even these signatures are now becoming ineffective to protect against the first wave of each new variant. In the time it takes to write and distribute each new signature, thousands of newer variants are launched against which the signature does not protect.� Commtouch Zero-Hour� Virus Outbreak Protection detects and blocks email-borne outbreaks like the �Storm� malware in real-time, powered by its Recurrent Pattern Detection� technology. Commtouch�s service is offered to messaging, security and anti-virus vendors for OEM integration as a complementary outbreak detection solution. About Commtouch Commtouch Software Ltd. (Nasdaq: CTCH) is dedicated to protecting and preserving the integrity of the world's most important communications tool -- email. Commtouch has over 15 years of experience developing messaging software and is a global developer and provider of proprietary anti-spam, Zero-Hour virus protection and IP Reputation solutions. Using core technologies including RPD (Recurrent Pattern Detection�), the Commtouch Detection Center analyzes billions of email messages per month to identify new spam and malware outbreaks within minutes of their introduction into the Internet. Integrated by more than 50 OEM partners, Commtouch technology protects thousands of organizations, with over 50 million users in over 100 countries. Commtouch is headquartered in Netanya, Israel, and has a subsidiary in Mountain View, CA. For more information, see: www.commtouch.com, including the Commtouch online lab detailing spam statistics and charts. This press release contains forward-looking statements, including projections about Commtouch business, within the meaning of Section 27A of the Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934. For example, statements in the future tense, and statements including words such as "expect," "plan," "estimate," "anticipate," or "believe" are forward-looking statements. These statements are based on information available to us at the time of the release; we assume no obligation to update any of them. The statements in this release are not guarantees of future performance and actual results could differ materially from our current expectations as a result of numerous factors, including business conditions and growth or deterioration in the Internet market, commerce and the general economy, both domestic as well as international; fewer than expected new-partner relationships; competitive factors, including pricing pressures; technological developments, and products offered by competitors; the ability of our OEM partners to successfully penetrate markets with products integrated with Commtouch technology; a slower than expected acceptance rate for our newer product offerings; availability of qualified staff for expansion; and technological difficulties and resource constraints encountered in developing new products, as well as those risks described in the text of this press release and the company's Annual Reports on Form 20-F and reports on Form 6-K, which are available through www.sec.gov. Recurrent Pattern Detection, RPD and Zero-Hour are trademarks, and Commtouch is a registered trademark, of Commtouch Software Ltd. U.S. Patent No. 6,330,590 is owned by Commtouch.