Challenging year ahead for anti-virus solutions

By Staff Writer, ITWeb
Johannesburg, 02 Jan 2007

US-based Commtouch Software says that the "Happy New Year!" virus, which ended 2006 with a blast, indicates that there is a challenging year ahead for traditional anti-virus solutions.

In a statement released to mark the New Year, the messaging software firm said that the "celebratory" e-mail-borne "Happy New Year!" malware outbreak circumvents many leading signature-based AV solutions.

The attack, which is still in progress, "is the most intensive outbreak of 2006, since it comprises a staggering number of distinct, low-volume variants, which were released from multiple sources simultaneously, and at short time intervals," it says.

"This outbreak ushered out 2006 with a bang, while loudly forewarning the nature of viral outbreaks in 2007," says Haggai Carmon, Commtouch VP of products.

"During 2006, a growing number of massive server-side polymorphic outbreaks swarmed the Internet and successfully maintained a sizable lead of several hours to weeks ahead of traditional signature-based solutions. Examples of these include Feebs, Stration/Warezov and of course the 'Happy New Year!' malware, to name just a few.

"What makes them so unique," Carmon adds, "is that they are released in a large number of distinct and short-lived variants, making it impossible to generate one signature or heuristic rule to effectively protect against them. In this way, malware writers maximise their chances of infecting the largest number of machines."

Heavy traffic

Commtouch identified and blocked 3 262 distinct variants during the first 65 hours of "Happy New Year!" malware activity, and there were at least three time periods on 29 December when the malware accounted for nearly 12% of all global Internet e-mail traffic. On Friday, Commtouch tracked 842 distinct variants that were released to the Internet during a single five-minute period.

"We expect this trend to continue to grow in 2007, since server-side polymorphic outbreaks have become the most effective method to infiltrate through existing defences," Carmon said.

"Events like the New Year's holiday force virus writers to concentrate their massive outbreaks in a short period of time. Other outbreaks like the Stration/Warezov attack can afford to stretch on for months, releasing recurrent waves of mass-variants each time."

The malware has been sent from multiple sources in a format that appears to be a New Year's greeting, in order to entice users to open and click on the attachment. Subject lines of the messages include: "Happy New Year!" and "Happy 2007!" and sample attachment filenames are: postcard.txt, postcard.exe, or greeting card.txt.

If a user opens the attached file, the malware attempts to shut down the PC's security programs, scans for e-mail addresses to send out copies of itself, and installs various malicious programs that, among other things, turn the computer into a spam zombie.

The company's statement follows on the back of the release of its 2006 spam report, which is available on its Web site.
