MRG Banking Test

Discussion in 'other anti-virus software' started by 1000db, Jun 8, 2011.

Thread Status:
Not open for further replies.
  1. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    You haven't proven anything. You posted a link to a 3 year old piece of malware with no evidence that it is still in use or ever was in widespread use.

    From what you have posted so far it doesn't appear that you are particularly knowledgeable about the techniques used by modern financial malware. If you believe pure keyboard logging is in widespread use then you should post valid proof. MRG disagree with you.

    Zemana x64 passes the spyshelter keylogging [edit: i.e. keyboard logging] test. Personally I would have liked to have seen those applications passing the MITB test subjected to the next level of keylogging tests, so I sort of agree with you on this.
     
  2. guest

    guest Guest

    Updated: May 31, 2011 | Published: May 31, 2011
    http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor:Win32/Delf.KV
    Log keystrokes or steal sensitive data
    As I told you I'm not going to lose my time with something that is there

    Do you have a rate of the share in %? So :blink: MRG does not have the rate either, they just know as everybody that the method of the report is much more used, but is only 1 of many.
    I don't care if it is modern, it just needs to be new/actual malware.
    http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor:Win32/Delf.KV
    If I can find one actual example just searching "keystroke" and looking at 3 of them, there must be thousands of them everyday.

    Not in my computer.
     
  3. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    Delf is a very old piece of malware. It's not modern at all.


    I tested the latest release 3 days ago on Vista 64 and it passed.

    Anyway I've had enough of this now. It would be good if Sveta could respond to your posts as well.
     
  4. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    209
    Hi Scoobs,

    I really have nothing to add to your excellent replies.

    It is clear to all that guest does not understand financial malware and that he has a hidden agenda and will just keep on coming back with more accusations and comments no matter how irrelevant they are.

    No one test can satisfy everybody, but we need to be realistic and point out flaws for which we have evidence.

    I am more than happy to answer any serious questions and engage in a constructive discussion; one thing I will not do is play games.

    Let's be constructive here, we should be solving problems instead of creating them.

    Regards,
    Sveta
     
  5. guest

    guest Guest

    I know that you are just testing the method that the financial malware uses to steal passwords, and it's the most common, and the one used by the most "famous" malware developed in the last months.
    A keylog monitor is a financial malware according to you, yes or no?
     
  6. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    209

    Please read the report, the answer to your question is on page 13, paragraph 3.


    Regards,
    Sveta
     
  7. guest

    guest Guest

    The paragraph does not have the answer.

    Did you invent the category financial malware? And only the malware that you want is inside?

    The definition of financial malware only includes malware using this method and cannot be applied to another malware with another method able to do the same thing?

    Or the new category is called "sophisticated financial malware"? This one only includes the injection method that you are using?

    http://www.webopedia.com/TERM/F/financial_malware.html

    So it seems that any malware able to steal your banking passwords is financial malware, and this term is quite old, it's not just something "new" that appeared for this kind of attacks that you study.

    Maybe I'm right and you are even more because the 99% of the financial malware uses the method you study, but I don't know.

    BTW Could you please if you have time ask for a beta of Prevx 4 x64 and test it to see if with their new approach to x64 patchguard this has been fixed?
     
    Last edited by a moderator: Jun 12, 2011
  8. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    I would like to see this test expanded to include a group of beta software. There are several betas going on currently and MRG could provide valuable info that could tremendously increase the efficacy of the released products.
     
  9. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    +1 :thumb:
     
  10. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    209
    Hi 1000db,

    This report is just a small piece of the work we are doing in this area. We are continually providing efficacy assessments for various clients and are developing two new simulators as I speak.

    As part of our on-going efficacy assessment and assurance services, we are also going to start using our own virtualised botnets – in an effort to ensure accuracy of assessments.

    Browser security is a big issue – we have been working with a TV company on a programme which covers online banking security issues. We already have developed a simulator which compromises every VDI solution we have seen and are in discussions with solution providers to help them counter the vulnerability we have exposed.

    We are happy to talk to any vendor who contacts us and will consider providing testing services if we feel they fit within our area of expertise.


    Regards,
    Sveta
     
  11. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    According to RSA, Zeus is estimated to be responsible for 90% of all banking fraud losses worldwide. That estimate is from 2010, and I would suspect that since then Spyeye, Carberp, Gozi, Bugat and Silon have taken some of that 90%. All of these are form-grabbing (MITB) trojans, so I think it would be reasonable to continue to assume that between 90-100% of online banking fraud is from form-grabbing malware.

    Based on these stats I'd stick my neck out and say that keyboard logging and applications designed to just prevent keystroke logging are now largely irrelevant.
     
    Last edited: Jun 12, 2011
  12. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
    Yeah, robbing bank accounts with traditional keylogger software isn't just as effective as MitB malware because they also work on online banking secured by two factor authentication with response codes etc.
     
  13. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    Good point. Countries in Northern Europe including Holland and Norway were some of the first to introduce two-factor authentication in response to traditional keyloggers. Zeus, Spyeye etc was the response....
     
  14. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    That's good to know Sveta. Correct me if I'm wrong but you are developing more simulators to emulate multiple logging methods. Along with the creation of test botnets is MRG considering adding testing of other software like firewalls (I know there is a risk of being compared to Matousec)? I find your group's tests, when used with the data provided by AVC, very useful and complementary.
     
  15. guest

    guest Guest

    There is no risk of being compared with matousec if you explain it well and add the correct products. The problem is when you make a HIPS test on a normal AV like matousec did; it is easier and faster to just say "I could have tested also these products but while they don't have almost HIPS protection would be a loss of time".

    For now MRG is doing better, they classified the products by type.

    I hope to see those new tests integrated with this one in a report.
     