New Trojan Test

Discussion in 'other anti-trojan software' started by StevieO, Sep 21, 2005.

Thread Status:
Not open for further replies.
  1. StevieO

    StevieO Guest

    Whilst looking at the new TrustWare AntiMalware App mentioned here https://www.wilderssecurity.com/showthread.php?t=98468&highlight=AntiMalware, I DL'd and tried the Trojan Demo exe. It launched Calc, but I passed the test as in my Screen Shot! You might like to try it too and see if it gets through your defences.

    http://img389.imageshack.us/img389/4650/trustwaredemo11zp.png

    . . .


    Caution – by agreeing to perform the security test below you will become subject to our cyber attack:

    Of course we will do no harm to your PC or network

    We will however simulate an internet download similar to what your network users may perform. Similarly this installation attempt may also simulate an execution of a zip file received via an email, installation from a memory stick or any other form through which an .exe file may enter your corporation.

    We will attempt to prove that none of your security systems will alert or identify our intrusion attempt. As you run the .exe file we will launch your calculator and scan your documents' names. We will then place your document names on our server and provide you with a link so that you can see what files we accessed.

    During the process your Firewall may notify you of our demo trying to access the network. This means our demo has successfully accessed your files and is trying to report its findings to our server. If you allow our program to connect to the network you will receive a link to view the test results online. After you refresh the web page the information we were able to collect from your PC will be lost.

    I read the above and I want to perform the security test.

    http://www.trustware.com/home.php

    . . .


    StevieO
     
  2. Magnus Mischel

    Magnus Mischel Security Expert

    Joined:
    Oct 24, 2002
    Posts:
    185
    Firefox presents a "Save As" dialog with no option to run the file. I suspect the demo is aimed at unpatched IE users...
     
  3. StevieO

    StevieO Guest

    Hi Magnus,

    Actually it's not aimed at any IE vulnerabilities, as I found this TrojDemo.txt file after I had posted, which shows what it tries to make use of to phone home with a report.

    As I'm locked down with all these and more disabled, it clearly didn't affect me. Other people would have probably failed the test, I'm afraid to say.


    ------ Files Attack test ------<br>
    Attacking C:\WINDOWS\SYSTEM\TASKMGR.EXE: Failed!<br>
    Attacking C:\WINDOWS\SYSTEM\TELNET.EXE: Failed!<br>
    Attacking C:\WINDOWS\SYSTEM\FTP.EXE: Failed!<br>
    Attack test Done<br>
    <br>
    <br>


    StevieO
     
  4. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    ProcessGuard Stops it for me!!

    Cheers, :D
     
  5. beetlejuice69

    beetlejuice69 Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    780
    I couldn't get it to download.
     
  6. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    Dagolag what part of PG stops it?

    BeetleJuice do you get an error or something else stops it? What browser are you using?

    Thanks,

    Chris
     
  7. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    I click on the button here!! And>>
     


  8. beetlejuice69

    beetlejuice69 Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    780
    I was using Opera. No error; when I went to dwl it, it would only flash on the screen for a second. I think it might have been NOD that wouldn't let me dwl... but that's only a guess.
     
  9. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    And I get a Pop up from ProcessGuard Here!! Opera here Also!!

    HTH,

    cheers,
     


  10. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    Dagolag,

    So the execution protection blocked it? That's good, but what if you allow the program to run, does PG stop it anywhere else?

    Beetlejuice,

    It doesn't appear to be NOD unless our setup is different. I am using IE but have IMON enabled and I can still download. Maybe something with Opera?

    Thanks,

    Chris
     
  11. beetlejuice69

    beetlejuice69 Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    780
    I tried again with Firefox. I got to download the "disable AV" test. Online Armor stopped that one. I didn't try the other two.
     
  12. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    Hmmm... Strange. I know the active x test link does not work but I'm not sure what would be causing the other issues. Well, at least if you can't D/L it I guess you're protected :)

    Thanks,

    Chris
     
  13. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Well with this one this is what happened!!
     


  14. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    And Click allow and pcIp stops it here!! And I don't let it go any further!! Same with the trojan check!!

    cheers,
     


  15. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    The old layered security approach. Good one!

    I am using ViGuard and of course it detects the trojan test, and since I use ViGuard I am not using an antivirus, so the disable AV test cannot find one to terminate. Of course I also understand that the authors for both programs are the same.

    Thanks,

    Chris
     


  16. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    No AV Wow!! :eek: :eek: It does not shut down NOD if I let it go through!!

    Cheers, :D :D :D
     
  17. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    Well, I am normally a NOD user but since installing ViGuard I am tempting fate. I'm doing this based on several things including reviews, the authors' own claims and my own testing. I of course haven't tested everything but so far so good. Let's just hope it stays this way....

    Thanks,

    Chris
     
  18. GreenWhite

    GreenWhite Registered Member

    Joined:
    Nov 23, 2004
    Posts:
    110
    Out of boredom, tried the new trojan test. And ...

    Yup, NOD32 locked and held up the file (partially downloaded into desktop). It won't let me delete the partial file either.

    Note: If you have Unlocker, you can see the file being held up by NOD32 (nod32kui.exe and nod32krn.exe).

    Rebooted, and deleted the file. Suffice to say, NOD32 managed to protect me from harm.
     
  19. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    I wonder why NOD on my other system is not stopping it like yours? I have the latest NOD32 program with the most recent updates and the highest settings and it does not stop it at all. Ideas?

    Thanks,

    Chris
     
  20. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Well jotti says nothing found!! Could that be Why?;)
     


  21. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    And this one!!;)
     


  22. StevieO

    StevieO Guest

    I also tried the AV test, but it threw up an error box and failed to run, maybe a 98SE issue, but at least it failed to even try and disable it!

    It's good to see that many here are protected against the AT test through various different means.


    StevieO
     
  23. GreenWhite

    GreenWhite Registered Member

    Joined:
    Nov 23, 2004
    Posts:
    110

    Scratching head. No idea, Chris.

    Just a hunch, anything to do with IMON download setting, something like switch to passive mode (size)?
     
  24. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    Not sure, but Dagolag just had it scanned at Jotti's and none of the scanners there, including NOD, detects it... Just one of those things that make you go hmmmm...

    Thanks,

    Chris
     
  25. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    A2 Spots something but Trojanhunter does not!! :doubt:
     
