Deliver Your News to the World

January Virus and Spam Statistics: 2006 Starts with a Bang


• Four massive virus attacks in January, including a multi-wave attack of 7 variants
• The most aggressive attacks whizzed through before the average AV solution could even release a signature

RSA Conference, San Jose, CA, February 15, 2006 – Commtouch® (NASDAQ: CTCH - News), the developer of ground-breaking RPD™ technology for real time anti-spam and Zero-Hour™ virus protection, today announced spam and computer virus statistics for the month of January 2006. The data is based on information continuously gathered by the Commtouch Detection Center, which analyzed more than 2 billion messages from over 130 countries during the month of January.

“The number of massive attacks grew in January,” points out Amir Lev, President and CTO. “In large part due to the speed of distribution, they succeeded in reaching many of their targets despite the presence of traditional anti-virus programs.”

January at a glance: Vicious and Varied
The numbers are indeed concerning: 19 new email-born significant virus attacks, of which a troubling 8 (42%) were graded “low intensity”, 7 (37%) “Medium Intensity” and 4 (21%) were massive attacks – a rare phenomenon for a single month.

One outbreak of specific interest, consisting of 7 variants, illustrates how viruses are growing in sophistication: the first variant was launched around December 25th as a low intensity virus, however with subsequently released variants the attack’s intensity grew into a massive outbreak towards the end of the month.

The biggest virus attacks are the quickest – fast-moving solutions required
One of the factors measured by Commtouch is the speed of distribution. We consider attacks that peak within eight hours to have “short spans”, since it takes an average of 8-10 hours for a traditional anti-virus vendor to release an updated signature blocking a new virus.

Computer virus statistics from the Commtouch Detection Center indicate that 40% of attacks during January met this profile. Also, there is a clear connection between the attack’s speed and its intensity – the faster attacks are the biggest ones: while the average distribution time of low intensity attacks is a “leisurely” 27 hours and medium-intensity attacks can take 17 hours, massive attacks take as little as 5.5 hours to spread in hundreds of millions of emails.

“The conclusion is clear” adds Lev. “Without a reliable solution for early hour protection that complements the old fashion anti-virus solutions, users are unprotected from the most massive attacks.”

Anti-virus engine statistics – is your AV up for the challenge?
Based in part on a reliable third party lab test, Commtouch was able to compare detection times of 21 leading AV engines against 19 new viruses in January. The results:
• On average, each AV completely missed 6.2 viruses (the attack was completed, and a signature was not yet available).
• The average response time to new viruses among all AV engines was 8.12 hours.

“The data should be of great concern to AV vendors and IT managers alike,” said Lev. “An eight hour response spells a simple truth – a traditional AV solution does not stand a chance against massive attacks that end before a signature is even released.”

Spam is physically sent primarily from the US
The Commtouch Detection Center monitors spam distribution patterns on a global level. January spam statistics show that 43.18% of global spam is sent from US-based sources (down from approximately 50%). China is also a significant ’launching pad’ for 12.89% of the spam. Korean and German sources distribute about 4% of global spam, and the rest of spam originates from around the globe.

Domains used by spammers – your favorite and familiar ones
While spammers make every effort to use diverse domains, in a sample of 256 million messages, we find that some domains are being used significantly more than others. Leading the list are (4.7 million), (4.2 million), (2.1 million), (1.9 million) and (1.5 million).

Spammers have deduced that to avoid being blocked by the simplest mail server rules, they need to use a valid domain. However, if the domain that is used is unique and used only for spam, they would easily be blacklisted. The result – the use of popular domains that blacklists dare not touch.
Find interactive charts, updated daily and available for downloading at:

About Commtouch

Commtouch Software Ltd. (NASDAQ:CTCH - News) is dedicated to protecting and preserving the integrity of the world’s most important communications tool -- email. Commtouch has 15 years of experience developing messaging software, and is a global developer and provider of proprietary anti-spam and Zero-Hour virus protection solutions. Using core technologies including RPD Recurrent Pattern Detection, the Commtouch Detection Center analyzes billions of email messages per month to identify new spam and malware outbreaks within minutes of their introduction into the Internet. Integrated by over 30 OEM partners, Commtouch technology protects thousands of organizations, with over 35 million users in 100 countries. Commtouch is headquartered in Netanya, Israel and has a subsidiary in Mountain View, CA. For more information, see:

Check the Commtouch online lab for further information, spam statistics and charts:

This press release contains forward-looking statements, including projections about our business, within the meaning of Section 27A of the Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934. For example, statements in the future tense, and statements including words such as “expect,” “plan,” “estimate,” “anticipate,” or “believe” are forward-looking statements. These statements are based on information available to us at the time of the release; we assume no obligation to update any of them. The statements in this release are not guarantees of future performance and actual results could differ materially from our current expectations as a result of numerous factors, including business conditions and growth or deterioration in the Internet market, commerce and the general economy, both domestic as well as international; fewer than expected new-partner relationships; fewer than expected license agreements resulting from Commtouch’s exclusive rights to market DCC; competitive factors including pricing pressures; technological developments, and products offered by competitors; the ability of our OEM partners to successfully penetrate markets with products integrated with Commtouch technology; a slower than expected acceptance rate for real time AV solutions in general and the Commtouch Zero-Hour(TM) Virus Protection product in particular; availability of qualified staff for expansion; technological difficulties and resource constraints encountered in developing new products, such as the Zero-Hour solution; and the failure of Commtouch to meet The NASDAQ Capital Market’s listing standards in the future, as well as those risks described in the text of this press release and the company’s Annual Reports on Form 20-F and reports on Form 6-K, which are available through
Recurrent Pattern Detection, RPD and Zero-Hour are trademarks, and Commtouch is a registered trademark, of Commtouch Software Ltd. U.S. Patent No. 6,330,590 is owned by Commtouch.


This news content was configured by WebWire editorial staff. Linking is permitted.

News Release Distribution and Press Release Distribution Services Provided by WebWire.