CommTouch Report: New Trojan Variants Evade Major Antivirus Engines

Several successive and massive malware outbreaks caused a spike in malware that was undetected by major AV engines, according to quarterly trend report

July 15, 2009

3 Min Read


Sunnyvale, Calif. " July 14, 2009 " Millions of email viruses bypassed major anti-virus engines during the second half of the second quarter, according to the Q2 2009 Internet Threat Trends Report by Commtouch' (Nasdaq: CTCH). Several successive and massive malware outbreaks caused a spike in malware that was undetected by major AV engines, compared to the consistently low quantities of malware that had been distributed via email during the previous 18 months.

Commtouch's quarterly trend report is based on the analysis of over two billion email messages and Internet transactions daily in the Company's cloud-based global detection centers.

Other highlights from the Q2 Trend Report include:

  • Spammers and malware distributers used current events including the Swine Flu epidemic and death of Michael Jackson to spread their messages.

    • Sites in the "Health" and "Web-based email" categories topped the list of Web categories manipulated by phishing schemes.

    • "Business" was the Web site category most infected with malware.

    • An average of 376,000 zombies were newly activated each day for the purpose of malicious activity.

    • Image-based spam returned with new tactics foregoing MIME-format standards to trick anti-spam engines.

    • Spam levels averaged 80% of all email traffic throughout the quarter, peaking at 97% in April and bottoming out at 64% in June.

    • Brazil continues to produce the most zombies, responsible for 17.5% of global zombie activity.

      "For the last year and a half, anti-virus engines effectively blocked many virus variants with generic signatures," said Amir Lev, chief technology officer of Commtouch. "In the second quarter, however, malware distributors introduced large quantities of new variants which are immune to these generic signatures, therefore causing sharp increases in undetected malware samples that were blocked by Commtouch."

      Commtouch Recurrent Pattern Detection and GlobalView technologies identify and block messaging and Web security threats, including increasingly malicious malware and phishing outbreaks. More details, including samples and statistics, are available in the Commtouch Q2 2009 Internet Threats Trend Report, available from Commtouch Labs at:

      NOTE: Reported global spam levels are based on Internet email traffic as measured from unfiltered data streams, not including internal corporate traffic. Therefore global spam levels will differ from the quantities reaching end user inboxes, due to several possible layers of filtering at the ISP level.

      About Commtouch

      Commtouch' (NASDAQ: CTCH) provides proven messaging and Web security technology to more than 100 security companies and service providers for integration into their solutions. Commtouch's patented Recurrent Pattern Detection (RPD) and GlobalView technologies are founded on a unique cloud-based approach, and work together in a comprehensive feedback loop to protect effectively in all languages and formats. Commtouch technology automatically analyzes billions of Internet transactions in real-time in its global data centers to identify new threats as they are initiated, protecting email infrastructures and enabling safe, compliant browsing. The company's expertise in building efficient, massive-scale security services has resulted in mitigating Internet threats for thousands of organizations and hundreds of millions of users in 190 countries. Commtouch was founded in 1991, is headquartered in Netanya, Israel, and has a subsidiary in Sunnyvale, Calif.

Read more about:

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights