This post is part of our Infinity vs. The Real World series.
It recently came to light that Yahoo's ad servers were unknowingly distributing a rather nasty piece of malware. This attack vector is not new (we saw the same thing on FireEye's website, in its "Security Careers" section), and this certainly will not be the last case. Serving malware to your own visitors is never a positive thing for anyone, but for many companies it is inevitable. Here at Cylance we use these opportunities to test our Infinity platform against real-world malware. First, I turned to our resident malware expert for copies of the Yahoo samples (5 unique files):
To get the mathematical confidence rating from Infinity, I used CylanceV, our easy-to-use tool for investigating malware and advanced threats. As of January 6th, 2014, the industry had identified only 2 of the 5 samples as malicious. Infinity and CylanceV, however, correctly identified all of them as malicious without any prior knowledge of the samples and without needing an update. Infinity does this without signatures, heuristics, behavioral analysis, sandboxing, or hardware micro-virtualization: just 100% pure math!
As you can see, most of the samples had few or no detections when they were first submitted on 1/3/2014. For example, the file with MD5 47e71b1a29a9bf6f51f804732163ec8d (present under two names in my set, Qne4X.exe and 5_.exe) was flagged by ONLY 4 engines on its first submission, and NONE of those 4 were from a major "tier 1" vendor. If the technology protecting the vast majority of the world's networks isn't catching this, it's time for a new approach: one based on math rather than human intelligence and sacrificial lambs.
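The same binary turning up under two file names is exactly why a sample set should be keyed by content hash rather than by name before anything is submitted to a feed. The script below is an added example, not code from the original post or from Cylance: it hashes a constructed, placeholder sample set (the bytes are not real malware) with both MD5, which the post quotes, and SHA-256, which is what lookups should key on since MD5 is collision-prone, and collapses renamed copies into one entry. The file names and payloads are assumptions made for the example.

```python
"""Hash-based de-duplication of a malware sample set.

Added example, not code from the original post: the post notes that one
of its samples was present under two names (Qne4X.exe and 5_.exe).
Keying the set by content hash collapses such copies into one sample.
The bytes below are constructed placeholders, not real malware.
"""
import hashlib
from collections import defaultdict

# Constructed stand-ins for files collected from the ad-served payload.
# Two entries share identical bytes to mimic the renamed copy in the post;
# the other names are invented for the example.
SAMPLES = {
    "Qne4X.exe": b"MZ\x90\x00constructed-sample-A",
    "5_.exe": b"MZ\x90\x00constructed-sample-A",
    "dropper.exe": b"MZ\x90\x00constructed-sample-B",
    "update.dll": b"MZ\x90\x00constructed-sample-C",
}


def hash_sample(data: bytes) -> dict:
    """Return MD5 and SHA-256 hex digests for one file's bytes.

    MD5 is what the post quotes and what older feeds index on, but it is
    collision-prone, so SHA-256 is recorded alongside it and used as the
    grouping key."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def dedupe_by_hash(samples: dict) -> dict:
    """Group file names by SHA-256 so one binary under several names counts
    as one sample.  Returns {sha256: {"md5": ..., "names": [...]}}."""
    groups = defaultdict(lambda: {"md5": None, "names": []})
    for name, data in samples.items():
        h = hash_sample(data)
        groups[h["sha256"]]["md5"] = h["md5"]
        groups[h["sha256"]]["names"].append(name)
    return dict(groups)


def unique_count(samples: dict) -> int:
    """Number of distinct binaries in the set, regardless of file name."""
    return len(dedupe_by_hash(samples))


if __name__ == "__main__":
    for sha, info in dedupe_by_hash(SAMPLES).items():
        print(f"sha256={sha[:16]}... md5={info['md5']} names={info['names']}")
    print("unique samples:", unique_count(SAMPLES))
```

Run it against a real directory by replacing SAMPLES with a dict built from the files on disk; the unique count is what "5 unique files" should mean, and the `names` list records every alias seen for each hash so the submission record stays tied to one binary.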
How long do you think the malware was running rampant in the world's infrastructure before it was submitted to the prominent public and private malware feeds? Far too long...