Trusteer Bypassed !

Discussion in 'other anti-malware software' started by CloneRanger, Dec 9, 2011.

Thread Status:
Not open for further replies.
  1. CloneRanger
  2. shadek
    Nice find. Was it x64 platform or 32-bit?
  3. The Hammer
    What are the banks going to do now?
  4. m00nbl00d
    Sue Trusteer and partner with Webroot? :shifty:
  5. LoneWolf
    That's why a layered defense is the best defense.
    Relying on one solution in today's world is too risky; if it's bypassed, it's game over.
  6. AaLF
    Trouble is, only a handful of people use a layered defense. The masses expect Trusteer to deliver just as they expect an AV to deliver, etc. And they don't have the time. SET & FORGET is what's demanded.

    If Trusteer was breached then what about the Internet Security Suites. Many boast safe-on-line banking. I'll bet they haven't made as much effort as Trusteer.
  7. m00nbl00d
    Some time ago I came up with the perfect solution to defeat keyloggers running in user land, under Windows Vista/7.

    Keyloggers were completely blind to the browsers.

    Obviously, it was just a test. But I've set the browser with an explicit high integrity level, and I've applied the flags NoReadUp, NoWriteUp and NoExecuteUp.

    I think NoReadUp would suffice, though. I need to verify it.

    I ran the browser as administrator, because you can only run High integrity level objects and containers as administrator.

    But, by allowing communications to happen only with the bank's IP(s), then what harm can happen? That would mean intruders were already inside the bank's servers, wouldn't it? ;)

    Crazy ideas... o_O
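Two checks behind the setup described in the post above, as an added example that is not code from the thread or from any vendor: which integrity level the current process token actually carries, and how to put an explicit High mandatory label on an object and read it back. It assumes an elevated PowerShell session on an English-language Windows install; the demo file path is a constructed placeholder.

```powershell
# Added example (not from the thread). Run in an elevated session.

# (1) Token integrity level: Windows exposes it as the "Mandatory Label\..."
# group in the token. whoami output is localized; English Windows assumed.
function Get-TokenIntegrityLevel {
    $group = (whoami /groups /fo csv | ConvertFrom-Csv |
              Where-Object { $_.'Group Name' -like 'Mandatory Label\*' }).'Group Name'
    return $group -replace '^Mandatory Label\\', ''   # e.g. "High Mandatory Level"
}

# (2) Explicit High label on a file object. icacls only takes the level (L/M/H)
# and always writes the default NoWriteUp policy; the NoReadUp / NoExecuteUp
# flags mentioned in the post need a tool that accepts a raw SDDL label ACE.
# A label cannot be set above the caller's own integrity level.
function Set-HighIntegrityLabel([string]$Path) {
    icacls $Path /setintegritylevel H | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed for $Path" }
}

# Read the label back. The mandatory label ACE lives in the SACL, so Get-Acl
# needs -Audit (and SeSecurityPrivilege, which an elevated session has).
# SDDL ACE fields: type;flags;rights;object_guid;inherit_guid;sid
function Get-IntegrityLabelSddl([string]$Path) {
    $sddl = (Get-Acl -Path $Path -Audit).Sddl
    if ($sddl -match '\(ML;[^;]*;([^;]*);;;(LW|ME|HI|SI)\)') {
        return [pscustomobject]@{ Policy = $Matches[1]; Level = $Matches[2] }
    }
    return $null   # no explicit label: the object is treated as Medium
}

$target = Join-Path $env:TEMP 'il-demo.txt'   # constructed placeholder path
Set-Content -Path $target -Value 'demo'
Set-HighIntegrityLabel $target
"Token IL  : $(Get-TokenIntegrityLevel)"
"File label: $((Get-IntegrityLabelSddl $target) | Out-String)"
Remove-Item $target
```

An unelevated session reports "Medium Mandatory Level" for the token and cannot apply the H label, which is the reason the post runs the browser as administrator.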
  8. AaLF
    Anything like that in XP?

    So does this leave Prevx safeonline as the only free alternative?
  9. m00nbl00d
    Microsoft only implemented integrity levels in Windows Vista+. Windows XP users have no luck.

    The only alternative would be to run the browser in a secure desktop. avast! paid products offer this functionality.

    There's at least one more application (free; I think the code is available as well), that would allow people to do that as well (to run applications in a secure desktop). I don't recall the name. I'll have to look it up.
  10. MrBrian
  11. vojta
    http://www.trusteer.com/support/en/about-rapport

    Is Rapport hacker-proof?

    Unfortunately, no security solution is. Rapport adds a very important and unique security layer that allows your bank to better protect your sensitive information and promptly react to threats aimed directly at you. With Rapport you are more secure and your bank has better mechanisms to protect your money. However, security is a constant battle and Rapport, as your antivirus solution or any other security product you use, makes it harder for criminals to commit crime.


    It's really amusing to see "it's the end of Trusteer!" reactions just because of the typical "see how I bypassed X" video. What security app is immune to this? None.
  12. m00nbl00d
  13. CloneRanger
    @ vojta

    I don't see any "it's the end of Trusteer!" reactions? Only justified concerns!

    How do you know that?

    Over on KM w32h4x0r has asked for other apps to test it against, so hopefully we'll see how they shape up, or not ;)
  14. vojta
    Like in...

    Now, if you tell me that they are just joking around, that's another thing.

    That no app is immune and every one can be bypassed one way or another by a hacker operating with admin privileges in front of a computer? I don't know, crazy ideas. For example, Safe Online, which has been quoted here as an alternative to the now 'flawed' Trusteer, is bypassed east, west, north and south by MRG's simulators and their real-world malware tests daily.
  15. m00nbl00d
    I obviously cannot answer for the others, but I fail to see how my comment fits your description, "it's the end of Trusteer!"?

    Now, if you don't know whether or not someone is joking, perhaps you should ask the person directly. ;)
  16. Esse
  17. vojta
    "Yeah, we saw this. The fact of the matter is you can design a POC tool to bypass ANY specific security application."


    A very interesting post, including the last paragraph.
  18. PrevxHelp
    This is not true with the updated version of WSA in 8.0.1.x, and we will be offering a free version similar to SafeOnline in the coming weeks :)
  19. m00nbl00d
    I suppose it's always good to have one more coming to the fight - in the freeware world. :thumb:

    I don't mean to hijack this thread, so you can answer in Prevx forum or PM, but will it come as a Xmas present? :D
  20. Thankful
    What's new with the new version of WSA that it won't be bypassed by MRG's tests?
  21. PrevxHelp
    I don't want to derail the thread but we made several improvements about a month ago which closed off any known vulnerabilities from malware or other testing.
  22. Thankful
    Great.
  23. The Hammer
    Looks like you've been beat again. Or does this not count? http://malwareresearchgroup.com/
  24. PrevxHelp
    And the cat/mouse game continues ;)
  25. TonyW
    As always is the case between vendor & malware authors/researchers.