Spraying across the Internet in celebratory viral “confetti,” the email-borne “Happy New Year!” malware outbreak circumvents many leading signature-based AV solutions, Commtouch (Nasdaq: CTCH) reported.
The ‘Happy New Year!’ malware attack – which is still in progress – is the most intensive outbreak of 2006, since it comprises a staggering number of distinct, low-volume variants, which were released from multiple sources simultaneously and at short time intervals.
“This outbreak ushered out 2006 with a bang,
while loudly forewarning the nature of viral outbreaks in 2007,”
said Haggai Carmon, Commtouch Vice President of Products. “During
2006, a growing number of massive server-side polymorphic outbreaks
swarmed the Internet and successfully maintained a sizable lead of
several hours to weeks ahead of traditional signature-based solutions.
Examples of these include Feebs, Stration/Warezov and of course the ‘Happy
New Year!’ malware to name just a few. What
makes them so unique,” Carmon continued, “is
that they are released in a large number of distinct and short-lived
variants, making it impossible to generate one signature or heuristic
rule to effectively protect against them. In this way, malware writers
maximize their chances of infecting the largest number of machines.”
Commtouch identified and blocked 3,262 distinct variants during the
first 65 hours of ‘Happy New Year!’
malware activity, and there were at least three time periods on Friday,
December 29, when the malware accounted for nearly 12% of all global
Internet email traffic. On Friday Commtouch tracked 842 distinct
variants that were released to the Internet during a single five-minute
period.
“We expect this trend to continue to grow in
2007, since server-side polymorphic outbreaks have become the most
effective method to infiltrate through existing defenses,”
Haggai Carmon summarized. “Events like the
New Year’s holiday force virus writers to
concentrate their massive outbreaks in a short period of time. Other
outbreaks like the Stration/Warezov attack can afford to stretch on for
months, releasing recurrent waves of mass-variants each time.”
The malware has been sent from multiple sources in a format that appears
to be a New Year’s greeting, in order to
entice users to open and click on the attachment. Subject lines of the
messages include: “Happy New Year!”
and “Happy 2007!”
and sample attachment filenames are: postcard.txt, postcard.exe, or
greeting card.txt. If a user opens the attached file, the malware
attempts to shut down the PC’s security
programs, scans for e-mail addresses to send out copies of itself, and
installs various malicious programs that, among other things, turn the
computer into a spam zombie.
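The passage above explains why a per-variant signature cannot keep up with a server-side polymorphic outbreak: every variant has a different hash, while the lure (subject line and attachment name) stays the same. The following gateway-style triage rule is an added example and is not Commtouch's code or its Recurrent Pattern Detection technology; the subject lines and attachment names come from this release, while the `Message` class, the executable-extension list and the "variant" payloads are constructed stand-ins, not real malware samples.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Set

# Indicators quoted in the press release: subject lines and attachment
# names seen in the "Happy New Year!" campaign.
LURE_SUBJECTS = {"happy new year!", "happy 2007!"}
LURE_ATTACHMENTS = {"postcard.txt", "postcard.exe", "greeting card.txt"}
# Assumed list of extensions a mail gateway treats as directly executable.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat")


@dataclass
class Message:
    """Minimal view of an inbound email as a gateway filter would see it."""
    sender: str
    subject: str
    attachment: str
    payload: bytes


def triage(msg: Message) -> List[str]:
    """Return the lure indicators that match, independent of payload bytes."""
    reasons = []
    if msg.subject.strip().lower() in LURE_SUBJECTS:
        reasons.append("lure-subject")
    name = msg.attachment.strip().lower()
    if name in LURE_ATTACHMENTS:
        reasons.append("lure-attachment")
    if name.endswith(EXECUTABLE_EXTS):
        reasons.append("executable-attachment")
    return reasons


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def signature_hit(payload: bytes, known_hashes: Set[str]) -> bool:
    """Classic per-variant signature: exact hash of the attachment body."""
    return sha256_hex(payload) in known_hashes


def make_variants(n: int) -> List[Message]:
    """Constructed stand-ins for the campaign's messages (not real malware):
    the same lure wrapped around a payload that differs by a few bytes each
    time, which is all a server-side generator needs to defeat a hash."""
    common = b"CONSTRUCTED-GREETING-STUB"
    msgs = []
    for i in range(n):
        payload = common + b"|variant=" + str(i).encode() + b"|"
        msgs.append(Message(
            sender=f"sender{i}@example.invalid",  # placeholder address
            subject="Happy New Year!" if i % 2 == 0 else "Happy 2007!",
            attachment="postcard.exe" if i % 3 == 0 else "postcard.txt",
            payload=payload,
        ))
    return msgs


def compare_detections(n: int = 50) -> dict:
    """Hash signature built from the first variant only (what a vendor has
    after one sample) versus the lure rule, over n constructed variants."""
    variants = make_variants(n)
    known = {sha256_hex(variants[0].payload)}
    by_hash = sum(signature_hit(m.payload, known) for m in variants)
    by_rule = sum(1 for m in variants if triage(m))
    return {"variants": n, "hash_hits": by_hash, "rule_hits": by_rule}


if __name__ == "__main__":
    print(compare_detections())
```

The hash signature catches exactly one of the fifty constructed variants, the one it was built from; the lure rule flags all of them because it keys on what the campaign must keep constant to work as social engineering. In production such a rule would be one input to a scoring pipeline rather than a hard block, since holiday subject lines also occur in legitimate mail.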
Commtouch Zero-Hour™ Virus Outbreak
Protection detects and blocks email-borne outbreaks like the “Happy
New Year” malware within moments of their
release, powered by its Recurrent Pattern Detection™
technology. Commtouch’s service is offered to
messaging, security and anti-virus vendors for OEM integration as a
complementary outbreak detection solution.