BlackBerry ThreatVector Blog

Yahoo Serving Ads with a Side of Malware

NEWS / 01.07.14 / Stuart McClure

This blog is part of our Infinity Vs. The Real World series

It's recently come to light that Yahoo's ad servers were unknowingly distributing a rather nasty piece of malware. This attack vector is not new: we saw the same thing with FireEye when visitors opened the "Security Careers" section of their website, and it certainly will not be the last. So while this is never a positive thing for anyone, it is inevitable for many companies. But we here at Cylance use these opportunities to test our Infinity platform against real world malware. First, I turned to our resident malware expert for copies of the Yahoo samples (5 unique files):

MD5: 4365fa50e654ccdf7159d6608b21bf9e
MD5: 47e71b1a29a9bf6f51f804732163ec8d
MD5: b3c64e3017b53f4627a6eee666619f7f
MD5: e0f69226348305c7ca02ca374b562976
MD5: fa5643f8120d11c494ddac8ebd5d672b

In order to get the mathematical confidence rating from Infinity, I'm using CylanceV, our easy-to-use solution for investigating malware and advanced threats. Of the 5 samples, the industry identified only 2 as bad as of January 6th, 2014. Infinity and CylanceV, however, correctly identified all of them as malicious files without any prior knowledge, awareness or need for an update. Infinity does all of this without signatures, heuristics, behavioral system analysis, sandboxing or hardware micro-virtualization - just 100% pure math!

As you can see, most of the samples had few or no detections the first time they were submitted on 1/3/2014. For example, MD5: 47e71b1a29a9bf6f51f804732163ec8d (which had two names in my set, Qne4X.exe and 5_.exe) was correctly identified by ONLY engines on its first submission! Even more disheartening is that NONE of those 4 were from a major "tier 1" vendor! If the technology used to protect the vast majority of the world's networks isn't catching this stuff, then it's time for a new approach – one based on math, not human intelligence and sacrificial lambs.

How long do you think the malware was running rampant in the world's infrastructure before it was submitted to the prominent public and private malware feeds? Far too long...
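The two questions raised above (how many engines, and which ones, flagged each sample on first submission, and how long a sample sat undetected after it was first seen) are the kind of thing a defender answers by triaging multi-engine scan history for a set of hashes. The script below is an added example, not Cylance's or the post's own code: it uses the five MD5s quoted in the post, but every scan date, engine name and verdict in it is constructed for illustration and does not reflect real scan results; the "major vendor" set is likewise a placeholder.

```python
from collections import defaultdict
from datetime import date

# The five sample hashes quoted in the post.
H1 = "4365fa50e654ccdf7159d6608b21bf9e"
H2 = "47e71b1a29a9bf6f51f804732163ec8d"
H3 = "b3c64e3017b53f4627a6eee666619f7f"
H4 = "e0f69226348305c7ca02ca374b562976"
H5 = "fa5643f8120d11c494ddac8ebd5d672b"

# Constructed scan records (illustrative only, NOT real verdicts): one entry per
# (sample, scan date) with the set of engines that flagged the file that day.
SCAN_RECORDS = [
    {"md5": H1, "scanned": date(2014, 1, 3), "flagged_by": set()},
    {"md5": H1, "scanned": date(2014, 1, 6), "flagged_by": {"engine_b"}},
    {"md5": H2, "scanned": date(2014, 1, 3),
     "flagged_by": {"engine_b", "engine_c", "engine_d", "engine_e"}},
    {"md5": H2, "scanned": date(2014, 1, 6),
     "flagged_by": {"engine_a", "engine_b", "engine_c", "engine_d", "engine_e"}},
    {"md5": H3, "scanned": date(2014, 1, 3), "flagged_by": set()},
    {"md5": H4, "scanned": date(2014, 1, 3), "flagged_by": set()},
    {"md5": H4, "scanned": date(2014, 1, 6), "flagged_by": set()},
    {"md5": H5, "scanned": date(2014, 1, 6), "flagged_by": {"engine_a"}},
]

# Placeholder set of "tier 1" engines; a real triage would use the team's own list.
MAJOR_VENDORS = {"engine_a"}


def detection_summary(records, major_vendors):
    """Per-hash view of first-submission coverage and time-to-first-detection.

    Returns a dict keyed by MD5 with: the first scan date, how many engines
    flagged the sample on that first scan, whether any of them was a major
    vendor, the engine count on the latest scan, and the lag in days between
    first scan and the first scan with at least one detection (None if never).
    """
    by_hash = defaultdict(list)
    for rec in records:
        by_hash[rec["md5"]].append(rec)

    summary = {}
    for md5, recs in by_hash.items():
        recs = sorted(recs, key=lambda r: r["scanned"])
        first = recs[0]
        detected = [r for r in recs if r["flagged_by"]]
        summary[md5] = {
            "first_scan": first["scanned"],
            "first_count": len(first["flagged_by"]),
            "first_major_hit": bool(first["flagged_by"] & major_vendors),
            "latest_count": len(recs[-1]["flagged_by"]),
            "lag_days": (detected[0]["scanned"] - first["scanned"]).days if detected else None,
        }
    return summary


def coverage_on(records, day):
    """Fraction of all samples that had at least one detection as of `day`.

    A sample counts as detected if its most recent scan on or before `day`
    has a non-empty engine set; samples with no scan by then count as missed.
    """
    all_hashes = {r["md5"] for r in records}
    latest = {}
    for rec in records:
        if rec["scanned"] <= day:
            cur = latest.get(rec["md5"])
            if cur is None or rec["scanned"] > cur["scanned"]:
                latest[rec["md5"]] = rec
    detected = sum(1 for r in latest.values() if r["flagged_by"])
    return detected / len(all_hashes)


if __name__ == "__main__":
    for md5, info in detection_summary(SCAN_RECORDS, MAJOR_VENDORS).items():
        print(md5, info)
    print("coverage on 2014-01-03:", coverage_on(SCAN_RECORDS, date(2014, 1, 3)))
    print("coverage on 2014-01-06:", coverage_on(SCAN_RECORDS, date(2014, 1, 6)))
```

The useful outputs for the question the post asks are `lag_days` (how long each sample was known before anything flagged it) and `coverage_on` at two dates (how much of the sample set the vendor ecosystem had caught by each point); a hash with `lag_days` of `None` is the case where reliance on engine verdicts alone would have left the file unblocked.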

Stuart McClure

About Stuart McClure

CEO, President, and Founder of Cylance

Stuart leads Cylance® as its CEO for the first math based approach to threat detection, protection and response. Prior to Cylance, Stuart was EVP, Global CTO and General Manager at McAfee/Intel. Stuart is the creator and lead-author of the most successful security book of all time, Hacking Exposed. He is widely recognized for his extensive and in-depth knowledge of security, and is one of the industry's leading authorities in information security today.