Trusteer Bypassed !

Discussion in 'other anti-malware software' started by CloneRanger, Dec 9, 2011.

Thread Status:
Not open for further replies.
  1. CloneRanger
    CloneRanger Registered Member

  2. shadek
    shadek Registered Member

    Nice find. Was it x64 platform or 32-bit?
  3. The Hammer
    The Hammer Registered Member

    What are the banks going to do now?
  4. m00nbl00d
    m00nbl00d Registered Member

    Sue Trusteer and partner with Webroot? :shifty:
  5. LoneWolf
    LoneWolf Registered Member

    That's why a layered defense is the best defense.
    Relying on one solution in today's world is too risky, if it's bypassed it's game over.
  6. AaLF
    AaLF Registered Member

    Trouble is only a handful of people use a layered defense. The masses expect Trusteer to deliver just as they expect an AV to deliver etc. And they don't have the time. SET & FORGET is what's demanded.

    If Trusteer was breached then what about the Internet Security Suites. Many boast safe-on-line banking. I'll bet they haven't made as much effort as Trusteer.
  7. m00nbl00d
    m00nbl00d Registered Member

    Some time ago I came up with the perfect solution to defeat keyloggers running in user land, under Windows Vista/7.

    Keyloggers were completely blind to the browsers.

    Obviously, it was just a test. But, I've set the browser with an explicit high integrity level, and I've applied the flags NoReadUp, NoWriteUp and no NoExecuteUp.

    I think NoReadUp would suffice, though. I need to verify it.

    I ran the browser as administrator, because you can only run High integrity level objects and containers as administrator.

    But, by allowing communications to happen only with the bank's IP(s), then what harm can happen? That would mean intruders were already inside the bank's servers, wouldn't it? ;)

    Crazy ideas... o_O
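
The flags named in the post above correspond to policy bits in the mandatory-label ACE of a Windows security descriptor. As an added example (not part of the original thread), this Python code parses the SDDL form of such a label and reports which access types the integrity check denies to a lower-integrity caller; the sample SDDL strings are constructed and the function names are hypothetical.

```python
import re

# SDDL codes for the mandatory-label policy bits (SYSTEM_MANDATORY_LABEL_* in winnt.h)
POLICY = {"NW": (0x1, "write"), "NR": (0x2, "read"), "NX": (0x4, "execute")}
# SDDL SID aliases for the integrity levels, ordered lowest to highest
LEVELS = {"LW": 0, "ME": 1, "HI": 2, "SI": 3}
# (ML;flags;rights;;;sid) is the mandatory-label ACE stored in an object's SACL
ML_ACE = re.compile(r"\(ML;[^;]*;([^;]*);[^;]*;[^;]*;([^)]+)\)")

def parse_label(sddl):
    """Return (level_alias, policy_mask) for the object described by sddl."""
    m = ML_ACE.search(sddl)
    if m is None:
        # Unlabelled objects are treated as Medium integrity with NoWriteUp.
        return "ME", 0x1
    rights, sid = m.groups()
    if sid not in LEVELS:
        raise ValueError(f"unsupported integrity SID: {sid}")
    if rights.lower().startswith("0x"):
        return sid, int(rights, 16)
    mask = 0
    for code in re.findall(r"[A-Z]{2}", rights):
        if code not in POLICY:
            raise ValueError(f"not a mandatory-label right: {code}")
        mask |= POLICY[code][0]
    return sid, mask

def blocked_for(caller, sddl):
    """Access types the integrity check denies to a caller at level `caller`."""
    level, mask = parse_label(sddl)
    if LEVELS[caller] >= LEVELS[level]:
        return set()  # no "up" access involved; the DACL alone decides
    return {name for bit, name in POLICY.values() if mask & bit}

if __name__ == "__main__":
    samples = {  # constructed SDDL strings, not taken from the thread
        "all three flags": "S:(ML;;NWNRNX;;;HI)",
        "NoWriteUp only": "S:(ML;;NW;;;HI)",
        "no label": "D:(A;;FA;;;BA)",
    }
    for name, sddl in samples.items():
        for caller in ("LW", "ME", "HI"):
            print(f"{name:16} caller={caller} blocked={sorted(blocked_for(caller, sddl))}")
```

This models only the integrity check; access that passes it is still subject to the object's DACL, which is not evaluated here.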
  8. AaLF
    AaLF Registered Member

    Anything like that in XP?

    So does this leave Prevx safeonline as the only free alternative?
    Last edited: Dec 9, 2011
  9. m00nbl00d
    m00nbl00d Registered Member

    Microsoft only implemented integrity levels in Windows Vista+. Windows XP users have no luck.

    The only alternative would be to run the browser in a secure desktop. avast! paid products offer this functionality.

    There's at least one more application (free; I think the code is available as well), that would allow people to do that as well (to run applications in a secure desktop). I don't recall the name. I'll have to look it up.
  10. MrBrian
    MrBrian Registered Member

  11. vojta
    vojta Registered Member

    http://www.trusteer.com/support/en/about-rapport

    Is Rapport hacker-proof?

    Unfortunately, no security solution is. Rapport adds a very important and unique security layer that allows your bank to better protect your sensitive information and promptly react to threats aimed directly at you. With Rapport you are more secure and your bank has better mechanisms to protect your money. However, security is a constant battle and Rapport, as your antivirus solution or any other security product you use, makes it harder for criminals to commit crime.


    It's really amusing to see "it's the end of Trusteer!" reactions just because of the typical "see how I bypassed X" video. What security app is immune to this? None.
  12. m00nbl00d
    m00nbl00d Registered Member

  13. CloneRanger
    CloneRanger Registered Member

    @ vojta

    I don't see any "it's the end of Trusteer!" reactions? Only justified concerns!

    How do you know that?

    Over on KM w32h4x0r has asked for other Apps to test it against, so hopefully we'll see how they shape up, or not ;)
  14. vojta
    vojta Registered Member

    Like in...

    Now, if you tell me that they are just joking around, that's another thing.


    That no app is immune and everyone can be bypassed one way or another by a hacker operating with admin privileges in front of a computer? I don't know, crazy ideas. For example, Safe Online, that has been quoted here as an alternative to the now 'flawed' trusteer, is bypassed east, west, north and south by the MRG's simulators and their real world malware tests daily.
  15. m00nbl00d
    m00nbl00d Registered Member

    I obviously cannot answer for the others, but I fail to see how my comment fits your description, "it's the end of Trusteer!"?

    Now, if you don't know whether or not someone is joking, perhaps you should ask the person directly. ;)
  16. Esse
    Esse Registered Member

  17. vojta
    vojta Registered Member

    "Yeah, we saw this. The fact of the matter is you can design a POC tool to bypass ANY specific security application."


    A very interesting post, including the last paragraph.
  18. PrevxHelp
    PrevxHelp Former Prevx Moderator

    This is not true with the updated version of WSA in 8.0.1.x, and we will be offering a free version similar to SafeOnline in the coming weeks :)
  19. m00nbl00d
    m00nbl00d Registered Member

    I suppose it's always good to have one more coming to the fight - in the freeware world. :thumb:

    I don't mean to hijack this thread, so you can answer in Prevx forum or PM, but will it come as a Xmas present? :D
  20. Thankful
    Thankful Registered Member

    What's new with the new version of WSA that it won't be bypassed by MRG's tests?
  21. PrevxHelp
    PrevxHelp Former Prevx Moderator

    I don't want to derail the thread but we made several improvements about a month ago which closed off any known vulnerabilities from malware or other testing.
  22. Thankful
    Thankful Registered Member

    Great.
  23. The Hammer
    The Hammer Registered Member

    Looks like you've been beat again. Or does this not count? http://malwareresearchgroup.com/
  24. PrevxHelp
    PrevxHelp Former Prevx Moderator

    And the cat/mouse game continues ;)
  25. TonyW
    TonyW Registered Member

    As always is the case between vendor & malware authors/researchers.
    Last edited: Dec 12, 2011