Infinity vs. The Real World

Just around the time that love was in the air here in the US (Valentine’s Day), you probably saw some of the disturbing headlines about a new Internet Explorer zero-day:

https://www.fireeye.com/blog/technical/cyber-exploits/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html

https://www.securityweek.com/new-ie-10-zero-day-used-watering-hole-attack-targeting-us-military

https://arstechnica.com/security/2014/02/new-zero-day-bug-in-ie-10-exploited-in-active-malware-attack-ms-warns/

The IE8/10 zero-day was leveraged in a watering hole attack that targeted visitors to the Veterans of Foreign Wars (VFW) website:

[Image: VFW website]

Once the VFW website was hacked, the attackers inserted an iFRAME into the beginning of the website’s HTML code. Much badness then follows. 
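The injection described above (an iframe dropped in at the very top of a compromised site's HTML) is something a site owner can check for. The following is an added example written for this post, not Cylance's code or the tooling referenced above: it parses a page, flags iframes that appear before the `<html>` root, load from an off-site host, or are hidden or zero-sized, and compares the page against a known-good SHA-256 fingerprint. The host names (`www.site.example`, `bad.invalid`) and the sample HTML are constructed for the example.

```python
"""Flag iframes injected at the top of a web page, as seen in watering hole compromises."""
import hashlib
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class _IframeCollector(HTMLParser):
    """Record every <iframe>, noting whether it appeared before the <html> root tag."""

    def __init__(self):
        super().__init__()
        self.seen_html_tag = False
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag == "html":
            self.seen_html_tag = True
        if tag == "iframe":
            self.iframes.append({
                "attrs": {k: (v or "") for k, v in attrs},  # bare attributes give None
                "before_html": not self.seen_html_tag,
                "line": self.getpos()[0],
            })


HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)


def _is_zero_sized(attrs):
    """True when width/height is 0 via attribute or inline style."""
    style = attrs.get("style", "")
    for dim in ("width", "height"):
        if attrs.get(dim, "").strip() in ("0", "0px"):
            return True
        if re.search(r"%s\s*:\s*0(?:px)?(?![\d.])" % dim, style, re.I):
            return True
    return False


def find_suspicious_iframes(html, site_host):
    """Return a list of findings: line number, src, and the reasons it looks injected."""
    parser = _IframeCollector()
    parser.feed(html)
    findings = []
    for frame in parser.iframes:
        attrs = frame["attrs"]
        reasons = []
        if frame["before_html"]:
            reasons.append("iframe appears before the <html> root tag")
        src_host = urlparse(attrs.get("src", "")).hostname
        if src_host and src_host.lower() != site_host.lower():
            reasons.append("src points off-site to %s" % src_host)
        if HIDDEN_STYLE.search(attrs.get("style", "")) or _is_zero_sized(attrs):
            reasons.append("iframe is hidden or zero-sized")
        if reasons:
            findings.append({"line": frame["line"], "src": attrs.get("src", ""), "reasons": reasons})
    return findings


def fingerprint(html):
    """SHA-256 of the page text; store this for the known-good version of each page."""
    return hashlib.sha256(html.encode("utf-8")).hexdigest()


def page_changed(html, known_good_sha256):
    """Baseline integrity check: any change from the stored fingerprint deserves a look."""
    return fingerprint(html) != known_good_sha256


# Constructed sample pages: a clean page, and the same page with a hidden off-site iframe
# prepended, mirroring the placement described in the post.
CLEAN_HTML = (
    '<html><head><title>Veterans site</title></head>\n'
    '<body><iframe src="https://www.site.example/video"></iframe>'
    '<p>Welcome</p></body></html>\n'
)
INJECTED_HTML = '<iframe src="http://bad.invalid/x.html" width="0" height="0"></iframe>\n' + CLEAN_HTML

if __name__ == "__main__":
    baseline = fingerprint(CLEAN_HTML)
    print("page changed from baseline:", page_changed(INJECTED_HTML, baseline))
    for finding in find_suspicious_iframes(INJECTED_HTML, "www.site.example"):
        print("line %d: %s -> %s" % (finding["line"], finding["src"], "; ".join(finding["reasons"])))
```

The legitimate same-origin iframe inside the body is not flagged, so the check is usable on real pages that embed their own content; the baseline fingerprint catches modifications that do not involve an iframe at all.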

As soon as we see any reports of zero-days in our industry, we immediately turn to our Infinity Platform in order to tell us whether or not it would have detected, and blocked, such an attack. So that’s what we did and voilà, we detected it as malicious:

[Screenshot: Infinity verdict on the IE zero-day sample]

Remember, Infinity performs mathematical analysis of ANY binary file and determines its maliciousness based on algorithms of learned badness. What that means is if users had been running CylancePROTECT, they would have been protected from yet one more zero-day or advanced threat. 

Sure, if you look up the IE zero-day sample today, it's detected as malicious by 32 antivirus engines, but back on 2/13/14, there was only 1 accurate detection.

Every time we see a new zero-day or advanced threat in the wild, we put Infinity to the test, and every time it passes with flying colors. Can you trust your endpoint security to do the same?

Stuart McClure
CEO
Cylance, Inc.