Secure Banking 1.1 - Page 2

Baserk · #26 September 27th, 2011, 10:56 AM

While the v1.1 changelog mentions 'Weniger "False Positives" von Anti-Viren-Programmen' / less FP's by AV progs, a hypothetical site which hypothetically tests files against 40+ hypothetical AV's, still gives a hypothetical 13/44 score.

The Secure Banking dev asks for help at protecus.de; 'Btw. ich würde mich sehr über mithilfe bei diesem Projekt freuen! (Website/Werbung/Coding)' link.
He would not only gladly receive help with his website and advertising but also coding.
And perhaps reporting FP's?

pintas · #27 September 27th, 2011, 03:53 PM

Unfortunately my coding is not what it used to be, but i suppose he could team up with PE Guard.

CloneRanger · #28 September 28th, 2011, 07:51 PM

Thought i'd try & see what it does

Uploaded it 1st to VT

Name: sb.gif
Views: 633
Size: 5.1 KB

SecureBanking - Installer.exe = Result: 0/43 (0.0%)

SecureBanking.exe = Result: 20/43 (46.5%)

sbservice.exe = Result: 28/43 (65.1%)

SecureBanking.dll = Result: 18/43 (41.9%)

Funny installer ?

Name: inst.gif
Views: 637
Size: 2.4 KB

Wanted out via

Name: za1.gif
Views: 639
Size: 7.7 KB

Also tried to connect to 178.63.25.142 = -www.securebanking.bplaced.net

Name: za2.gif
Views: 639
Size: 7.8 KB

Had to allow several ProcessGuard prompts in German, & i also got a LOT of error messages in German, & ultimately it failed to install ?

Quote:

[Phishwatch] Phish-sites http://lists.clean-mx.com/pipermail/...22/035050.html

Quote:

IP Address Inspector

ATTENTION

* This IP has not seen any suspicious activity within the last 3 months. This IP is most likely clean and trustworthy now. (This record will remain public for historical purposes, however.) https://www.projecthoneypot.org/ip_178.63.25.142

From their www via google.com/translate

Quote:

Read me first ...

Secure banking is an application that different Trojans (Zeus, SpyEye, Carberp, ...) can reliably detect on your system. This same technique is used, use the Trojans. Since the malware are often made resistant through special programs including the anti-virus programs that scan for signatures and not bring the much behavioral analysis. Secure Banking remedied by the web browser on so-called "man-in-the-middle" or "man-in-the-browser" attacks scans.

Secure Banking v1.1

Posted by Owner Posted by Owner

Here is the second release of Secure Banking.

Änderungen/Neuerungen: Changes / improvements:

Improved / New Revised recognition engine
Memory/Speicher Problem solved
CPU-friendly
Less "false positives" of anti-virus programs
I would again appreciate your feedback! Thank you!

Here's my feedback

Baserk · #29 September 28th, 2011, 08:22 PM

Quote:

Originally Posted by CloneRanger

...
From their www via google.com/translate

"Secure banking is an application that different Trojans (Zeus, SpyEye, Carberp, ...) can reliably detect on your system."

Google Translate algorithm distorts the original text into something extremely fishy.
A more proper translation would be;
"Secure banking is an application that can reliably detect different Trojans (Zeus, SpyEye, Carberp, ...) on your system."
No arguments about whether the prog is valid or not but Google Translate is

in this case.

Page42 · #30 September 28th, 2011, 08:26 PM

VIPRE doesn't like securebanking...

Name: secure banking.jpg
Views: 642
Size: 22.9 KB

Name: secure banking II.jpg
Views: 642
Size: 28.8 KB

Page42 · #31 September 30th, 2011, 01:33 AM

Hitman Pro context scan says sbservice.exe is malware.
Looks like WOT had this one right.

Jose_Lisbon · #32 September 30th, 2011, 04:23 AM

Quote:

Originally Posted by Page42

Looks like WOT had this one right.

It usually does.

J_L · #33 September 30th, 2011, 03:29 PM

Since it's used quite a lot, there will be many false positives as well.

Also, AVs aren't perfect either. Has anyone actually analysed the behaviour of this program?

Habakuck · #34 September 30th, 2011, 03:45 PM

Quote:

Has anyone actually analysed the behaviour of this program?

Jep, but i wont comment it in detail as long as the analysis as protecus and TB are running... So far, nothing which was not mentioned by the builder..

Page42 · #35 September 30th, 2011, 05:03 PM

Quote:

Originally Posted by J_L

Since it's used quite a lot, there will be many false positives as well.

Also, AVs aren't perfect either. Has anyone actually analysed the behaviour of this program?

False positives and imperfection...
Two ever-present conditions associated with most security software.
Anyone who doesn't know this, and account for this, might as well have a blindfold on.
I view WOT and AVs as indicators.
Never do I consider either of them to be the last word.

RJK3 · #36 October 2nd, 2011, 01:19 PM

Quote:

Originally Posted by Page42

I view WOT and AVs as indicators.
Never do I consider either of them to be the last word.

Exactly. There is always the possibility for false negatives and false positives.

From the WOT ratings, I feel the site should be commended for its excellent Child Safety.

Noob · #37 October 2nd, 2011, 11:14 PM

Quote:

Originally Posted by J_L

Has anyone actually analysed the behaviour of this program?

Yeah, i would like someone to go in deep with the software, but i guess that might be too much to ask

SUPERIOR · #38 October 3rd, 2011, 06:06 PM

i tested version 1.0 and it failed
now tested it again with 1.1 and here what i have found :

first off, three executed files for defending and 2 files for detailed(one for the date of version)
it starts with injecting securebanking.dll into explore process and runs sbservice for monitoring when wanted processes run for detecting malicious activities
now it looks for only 2 names of processes to monitor (IE and FF) so google and other browsers are out of this game

then i had to try it in action so i run zeus bot and then run FF IE and SR and u can see the result in attachments

as long i dont understand german, i can say that it just alarms you if there is trojan but cant help you to defend or to make secure banking as its name claims

one more thing, i noticed that there was a connection to server5.bplaced.net but when i did whois i didnt find this server in the list

PS : i guess it doesnt matter since it just connects for making sure that u have latest version ^^