Spam, meet spam-killer. Math.

What happens when CylancePROTECT meets the flotsam of the Internet?

Despite billions of dollars spent on anti-SPAM technologies worldwide, the scourge of SPAM continues to inundate every mailbox on the planet. While Cylance’s machine learning approach is performing beyond anyone in the industry in detecting maliciousness, we often find applications of our technology even beyond its original intent of preventing malware, APT's, advanced threats and the like. So when we saw a SPAM run report in the intelligence community we paused and flashed the unforgiving eye of our Math.

The SPAM included links that downloads some previously unseen malware variants.  Digging into it, we observed what looks like a new variant of the Upatre downloader. This variant in turn downloads three additional malware pieces.

The first of the three appears to be a variant of the Dyre Trojan. The second is likely the password stealer Kegotip. Last, but certainly not least, we have what appears to be a new Cutwail.

Now, CylancePROTECT is installed on tens of thousands of live machines and the intention was to see how our Math performed versus standard Industry detections.  What we found was that Cylance blocked the malware download from the SPAM email. As a matter of fact, we identified that the ‘math’ was able to detect this recently released malware back in April. Thus, any Industry vendor that couldn’t detect it now in July, is woefully slow, ineffective and sadly leaving their customers unnecessarily exposed.

In every sample tested, the Industry did a horrific job with early detection. Very few vendors actually caught the samples on the first submission. In other words, they were blind to these attacks. But who did detect and prevented them all from running? Well the clear and undisputed winner: Math!!!

The pool is perfect. Come on in.