MRG Banking Test

Because is unfair why they don't do the same test using realtime keylogging malware? so we can see which one is better?, of course they have to get $$ with the simulator. In this test seems that this is the only way that your bank passwords can be stolen but there are many more. The test is another lie, seems to be the answer to all the methods of stealing banking passwords and is just 1 simple method and there are many more


Then MRG should immediately stop their misleading advertising which suggests that is an online Banking security test while is just a test using all the time the same injection method. SHould be call "Injection method XXX test, another way to steal your passwords."

Although they claim in the pdf that this is the only used method to steal your passwords I can hardly believe that there is no malware able to do it in any other way

 

The test method used by MRG is the same method that Zeus, Spyeye etc uses. Please can you point us to some financial malware in wide circulation that uses the keyboard hooking methods that KS protects against?

 

In less that 10 seconds using google

TrojanWin32Dishigy.A

Encyclopedia entry
Updated: Apr 17, 2011 | Published: Mar 30, 2011

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Dishigy.A

Summary
Trojan:Win32/Dishigy.A is a trojan that captures keystrokes and steals login credentials through a method known as "form grabbing". Trojan:Win32/Dishigy.A sends captured data to a remote attacker and is capable of downloading additional malicious components.

Here you have thousands of them: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Search.aspx?query=captures keystrokes

So call a test "banking test" where only 1 method is used while there are dozens of ways to do the same, seems to me like a bad advertising

 

Haha! That's Spyeye and it states " Trojan:Win32/Dishigy.A is a trojan that captures keystrokes and steals login credentials through a method known as "form grabbing". "

So KS would fail that one!! You've just proven my point.

 

My english is not perfect so i didn't get the word "grabbing" but there are thousands of malware able to do it in multiple ways, and it's active and real malware, I'm not going to check 10,000 samples to find one of each one, but there is active malware using multiple methods to steal your passwords


http://www.microsoft.com/security/p.../Entry.aspx?Name=TrojanSpy:Win32/GhostSpy.5_2 Screenshot method
http://www.microsoft.com/security/p...?Name=MonitoringTool:Win32/DouglasKeylogger.A Key Monitor

The test is called "online banking security test" not "Test focused only in the malware of the category financial malware".

They claim this

So seems that the only way to steal your banking passwords is using financial malware and this is not true.
And I would like to know who invented this category of financial malware... I know that MRG didn't

 

I'm not sure what any of this is proving anymore. The only facts are:

1. KS advertises itself as protecting against financial malware and specifically references Zeus and Carberp
2. It doesn't protect against the most prevalent financial malware, such as Zeus and Carberp, as demonstrated by MRG
3. It does protect against malware which performs keyboard hooks, but those are not the primary methods used by financial malware in this day and age.

 

http://www.microsoft.com/security/p.../Entry.aspx?Name=TrojanSpy:Win32/GhostSpy.5_2 Screenshot method
http://www.microsoft.com/security/p...?Name=MonitoringTool:Win32/DouglasKeylogger.A Key Monitor

I agree with you and I can say the same facts about MRG

The test is called "online banking security test" not "Test focused only in the malware of the category financial malware".

They claim this in the report:

So seems that the only way to steal your banking passwords is using financial malware, "ergo" this test cover all the ways you need to be protected against malware able to steal your banking passwords, and none of them are true.

 

That's correct. It's not the only way, but form grabbing is the primary way that is being used by the malware that is causing all the damage out there. Unless you had unlimited resource at your disposal it would be illogical for MRG to test methods of stealing banking passwords that aren't actually being used.

All the $$$$ losses being incurred by banks and account holders are from Zeus, Spyeye and Carberp, and they are all using form grabbing. So I want to see MRG testing apps that can protect me from form grabbing.

 

...then MRG should immediately stop their misleading advertising which suggests that the test cover all sort of actual banking malware. If it wasn't for their misleading advertising I wouldn't say a word about KS.

 

Personally, I don't see it as misleading. They have tested the primary vector used by the malware that threatens your online banking security.

 

So when they say that the other method does not represent a risk even when every day there are thousands of malware able to steal your passwords with the other methods, you think it's ok? Is not a lie?

 

From the reading in this thread sounds like this test is more to make the news than testing relevant security software.... so not far from Matousec... as someone correctly pointed out.

 

How many of those are in circulation and what losses ($$$) are being experienced by them? Be honest, do you know? Zeus, Carberp and Spyeye are the big problem according to the banks and they use Form Grabbing.

As you probably know, the apps that did pass (Trusteer Rapport, Prevx, Defensewall, Bufferzone, Zemana) will also protect from Keyboard logging.

 

I agree with you and I would like to add that the test is indeed interesting and good but not well reported or presented.

A banking test should include all the avaliable methods or at least some representation of all of them.
It's like an AV test where only rootkits are used to test them.
This test is just focused in exploit 1 way and there are multiple of them.
I hope that Sveta would read this like a good feedback and not just a critic

 

Don't start to manipulate. Facts are facts. Can you tell me how much money has been stolen with each method? so

Congratulations they protect against Keyboard logging, but agasint 1 method? 2? or the more than 10 method avaliable to monitor the keys on real time? what if you webcam is pointing to the keyboard? what about the other methods?

 

Last time I tested them (except Bufferzone) they protected against all methods of keyboard logging along with Screenshot logging and clipboard logging, i.e. the full range that Zeus et al can throw at you.

On the subject of the pure keylogging malware, that stuff was the story several years ago. Nobody is freaking out about that now, because the next generation (Zeus, Spyeye, Carberp et al) has taken over. Any solution that protects you from form grabbing will also protect you from keylogging, screenshot, and clipboard logging (32bit versus 64bit caveats at play in some cases). So there is simply no good reason to be using KS as a solution for "online banking security".

 

Keep avoiding questions and coming back to old topics...
So? I already told you that I don't care KS, I knew that fails and I have never use it.
What about MRG test claiming that a kelogger does not represent a risk to your Bank passwords?

Sorry but I remember a post here in wilders where somebody used all the keylog testers made by vendors to test many apps and many of them fail in some of them even they claim they were able to protect against keylogging.
I remember how Zemana was not able to block many of the tests using the spyshelter test tool, keylog test, screencapture test...

Did you used all the keylogging methods? which ones? how many?

 

Where did they say that?

Yes. Test them yourself if you don't believe me. There are differences between 32 bit and 64bit however.

 

1. Almost with that words, go back and read.

2.

Sorry I can't lose my time anymore, bye

 

Sveta has only made a few posts in this thread. He does not say keyloggers pose no risk. He says nothing of the sort, not even "almost". Either he has deleted something he previously wrote, or you've just made that up.

Bye!

 

Not sveta, the pdf

 

That's not what the report says at all. It says:

 

It says this:

So a keylogger monitor only active when you are in a bank website is not consider as a financial malware accoding to MRG and there is no almost danger is meaningful.

it's misleading like the name of the test "Banking Test" and also like the KS site. So you can be as partial as you want but the facts are facts.

 

That's not what it says at all. They are saying you cannot use tests simulators such as Spyshelter's and Zemanas to determine the protection an application will provide you against malware such as Zeus and Spyeye because those tests do not simulate MITB attacks.

- Is a keylogger dangerous - yes
- Does modern malware designed to steal your banking credentials use keylogging as its primary attack vector - no

I'm really struggling to see what your problem is with the test. It is an Online Banking test. Malware uses MITB attacks to steal your online banking credentials, ergo this test evaluates applications protection against MITB attacks.

 

1. ok
2. Wrong, I don't care if it's primary or not, as I have prove to you there is modern financial malware using keylogging and other methods. Them this test does not represent a whole "banking test" just one of the mutiple methods of injection used by financial malware nowadays. The pdf and the title are trying to say that you only have to be worried about the kind of malware represented in the test for you banking security.

In a real banking test we would see how KS block some stuff and miss other and the same with Zemana and the others. Then you can say that what KS block represetns only the 20% or the 10% of the financial malware in the last 6 months, ok.
By the way Zemana x64 fails on every single test using the spyshelter test tool, but according to MRG, is one of the best against banking while only one feature is being tested: http://zemana.com/SSLLogger.aspx