Online Banking/Browser Security Certification Q1 2019

Discussion in 'other anti-virus software' started by itman, May 18, 2019.

  1. itman

    itman Registered Member
    Joined: Jun 22, 2010
    Posts: 7,595
    Location: U.S.A.
    Four AV vendors certified; Avira, Bitdefender, Eset, and Kaspersky.

    https://www.mrg-effitas.com/wp-content/uploads/2019/05/2019_OBQ1.pdf
     
  2. Rasheed187

    Rasheed187 Registered Member
    Joined: Jul 10, 2004
    Posts: 11,879
    Location: The Netherlands
    I wonder why they all failed the simulator test? I suppose this malware simulator can only inject JavaScript when it runs inside browser memory? Or perhaps it's done via some extension. Would be nice if they clarified this.
     
  3. itman

    Refer to page 8 of the report. The test was a simulated obfuscated Magecart credit card skimming attack. It's performed from a compromised e-commerce web server.

    And as luck would have it, one was attempted against me 3 days ago. Eset detected it via PUA blacklist detection:

    Time;URL;Status;Application;User;IP address;SHA1
    5/23/2019 2:45:27 PM;hxxp://link.safecart.com/2hhvj4/aHR0cDovL3d3dy5wbHVtYnl0ZXMuY29tL3BhcnRuZXIvdXJsL2Rvd25sb2Fk;Blocked by PUA blacklist;C:\Program Files\internet explorer\iexplore.exe;xxxxx;199.83.132.38;021415D73D02C6247001BAD6E5C9BC6E220F34FC
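
An added example (not part of the thread and not Eset's own tooling): a short Python triage of the log entry quoted above, splitting the semicolon-delimited fields and decoding any path segment that is a base64-encoded URL. The function names and the 16-character minimum segment length are assumptions made for illustration; decoded URLs are printed defanged, as in the post.

```python
import base64
import binascii
import csv
import io
from urllib.parse import urlsplit

# The log entry from the post above, copied verbatim (defanged "hxxp" kept).
LOG = r"""Time;URL;Status;Application;User;IP address;SHA1
5/23/2019 2:45:27 PM;hxxp://link.safecart.com/2hhvj4/aHR0cDovL3d3dy5wbHVtYnl0ZXMuY29tL3BhcnRuZXIvdXJsL2Rvd25sb2Fk;Blocked by PUA blacklist;C:\Program Files\internet explorer\iexplore.exe;xxxxx;199.83.132.38;021415D73D02C6247001BAD6E5C9BC6E220F34FC
"""

def refang(url):
    """Undo the hxxp defanging so the URL can be parsed (never fetched)."""
    return url.replace("hxxp", "http", 1)

def defang(url):
    """Re-defang a URL before it is shown in a report."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")

def embedded_urls(url, min_len=16):
    """Return URLs carried as base64 path segments of a redirector link."""
    found = []
    for seg in urlsplit(refang(url)).path.split("/"):
        if len(seg) < min_len:  # assumption: short segments are IDs, not payloads
            continue
        try:
            padded = seg + "=" * (-len(seg) % 4)
            text = base64.urlsafe_b64decode(padded).decode("ascii")
        except (binascii.Error, ValueError):
            continue  # not base64, or not text
        if text.startswith(("http://", "https://")):
            found.append(text)
    return found

def triage(log_text):
    """Parse the semicolon-delimited log and summarise each blocked request."""
    summary = []
    for row in csv.DictReader(io.StringIO(log_text), delimiter=";"):
        summary.append({
            "time": row["Time"],
            "status": row["Status"],
            "process": row["Application"].rsplit("\\", 1)[-1],
            "host": urlsplit(refang(row["URL"])).hostname,
            "redirect_targets": [defang(u) for u in embedded_urls(row["URL"])],
        })
    return summary

if __name__ == "__main__":
    for entry in triage(LOG):
        print(entry)
```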
     
  4. Rasheed187

    Yes, but the question is: how did they simulate it, which method did they use? If some third-party tool is modifying code on a website (injecting scripts) then tools should normally be able to detect this. If they used a browser extension, then it's likely they will fail.
     
  5. itman

    The web server is infected and the data capturing by malware is occurring on that device. There is nothing on your device that can prevent this other than using security software that has blacklisted IP addresses associated with the infected web server.
     
  6. Rasheed187

    Exactly my point. So I don't see why they would simulate such a test. If the web server is infected, then security tools will all fail to detect. But I do know that it's probably a bad idea to use a credit card for online payments.
     