Discussion in 'Prevx Releases' started by Knighthood, Aug 24, 2011.
PREVX 3.0 failed on the August 2011 MRG EFFITAS test. What is the deal here?
We don't have any additional information other than what was posted in the PDF so I couldn't really say why at this point.
Enough with this MRG crap, these guys are fools. They are crypting their exe and using it to test. What's the point of that? I can do that too and bypass all security vendors... I got 782 samples from the last 6 days and so far 760 are blocked by Prevx, that's a real test for you...
Silent bypass is due to "CodeDom" encryption which hooks into a loaded exe.
Most crypters will inject into "svchost.exe", "winlogon.exe" or "explorer.exe".
The point is not to test detection but to test the protection against keylogging etc. (In this case SafeOnline.)
Any update on this?
No, we haven't heard anything, but we have re-verified our protection against all major identity theft trojans in the wild now (Zeus, SpyEye, Carberp, Silon, URLZone to name a few) and we fully protect against them.
I thought MRG were supposed to send missed samples to the vendor that didn't react to same?
Just got an answer from Chris, they do send missed samples to the vendors, but this is their own built simulator, however the vendors will get remote access to the testing VMs and support from MRG to protect against the simulator.