In the few minutes of free time that I have in any given week, I like to kick back and relax just like any other CEO – by running newly discovered advanced threats through our Infinity platform. I came across Gary Warner’s blog detailing a new version of Cryptolocker wrapped in a Zeus dropper and decided it’d make a perfect real world test candidate.
Only 5 major antivirus programs have detected this file as a threat as of December 19th 2013.
After pulling the sample, I dropped it into a fresh VM and ran it through CylanceV (our malware detection solution that leverages the Infinity platform) without any kind of prepping and received a definitive response in just a few seconds.
Infinity, without ever having seen this piece of malware before, declared it a threat whereas the rest of the Industry has it listed as safe.
It looks like the rest of the industry has been updating their signatures to detect the file as 37 AV vendors now recognize the file for what it is, but a “sacrificial lamb” was required to protect the rest of us. This new variant of the incredibly annoying and destructive Cryptolocker was able to operate undetected by the industry as a whole for quite some time.
Sometimes I feel like we’re a broken record here at Cylance but we’re constantly reminded that signature-based detection techniques just can’t keep up with the attackers.
Interested in CylanceV and our Infinity Platform? Sign up for a demo and get plugged into the power of Infinity today.
