SpyShelter new leak test tool has been released

Discussion in 'other anti-malware software' started by guest, Aug 30, 2010.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    SpyShelter new leak test tool has been released
    I asked them for some example, so they created keylogger based on this leak.

    Note about kaspersky; I click restrict. When i click block, leak test doesnt work, it is not surprise.
     

    Attached Files:

  2. ViVek

    ViVek Registered Member

    Joined:
    Aug 7, 2008
    Posts:
    551
    Location:
    Moon
    Thanks guest :thumb:
     
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
  4. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    754
    Small correction. KIS passes the test. You only need to either disable automatic mode or use the Virtual keyboard.
     
    Last edited: Aug 30, 2010
  5. guest

    guest Guest

    Sory, You are wrong. KIS failed.
    It is not SSLT v1.4 keylogger test.
    You can see new test there see picture
    I have real app based on that leak (keylogger)
     

    Attached Files:

    Last edited by a moderator: Aug 30, 2010
  6. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    754
    Ooops, yes you're right, didn't notice the icon is different in the screenshot.
    Any idea when it's going to be posted on their site, or can you PM me the leak test?
     
  7. guest

    guest Guest

    Screenshot from test
     

    Attached Files:

  8. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    WOOO i had 100% trust in Zemana :D
    I know this is another lame test but it still counts :rolleyes:
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    the link to download pls?
     
  10. Eru

    Eru Registered Member

    Joined:
    Mar 23, 2010
    Posts:
    92
    Location:
    Poland - Sosnowiec
    It's on the SpyShelter website unter the video :p
    But here you have: -http://www.spyshelter.com/download/AntiTest.exe- :D
     
    Last edited by a moderator: Aug 31, 2010
  11. majoMo

    majoMo Registered Member

    Joined:
    Aug 31, 2007
    Posts:
    938
    The newest SpyShelter new leak test tool is flagged like suspicious by Avast.

    I sent to Avast'support a False Positive warning.

    SpyShelter is working like a charm here - with System Protection only enable, a very good Real Time Protection!!!
     
  12. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,949
    It was also detected by PrevX, Panda, Avast, and G-Data. I reported to Panda and they confirmed it is clean.
     
  13. guest

    guest Guest

    I upload virustotal. Result: 0/43 no dedection!
    Vendors can download from virustotal.com that file, MD5:8705a896c0e3d3da485188f1147247be
     
  14. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    Also detected by Norton as medium risk, and quarantined, unfortunately.
     
  15. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,949
    Odd when ever I download Antitest.exe I get MD5: 41f1e55475c4806642cda2f7b519d523

    This file has detects from: PrevX, Quickheal, Avast!, and G-Data (Avast Engine)
     
  16. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    detected by Comodo av also:)
     
  17. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    My comodo AV didn't detect it.

    Comodo in Safe Mode with no sandboxing passed all except WebCam, Sound Record and screenshot tests 4 & 5.
     
  18. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    A month or so ago, a friend became concerned about the possibility of a keylogger getting installed. A bit of searching around the internet reveals that there have been some exploits. Below are some that I found. Based on this, I determined that one's security against remote code execution exploits, and secure policies about not responding to spam protect adequately against a keylogger being installed -- it's just another binary executable.

    Perhaps I've missed something, so I'm curious why one would want a product that actively monitors a keylogger being installed. Are there other ways a keylogger can get installed besides the methods described below?

    By the way, based on what other vendors have written in the past about flagging test executables, it would seem the best proof would be to test with a real keylogger malware executable, and not a leak test.

    ----
    rich



    REFERENCES

    CVE-2010-0806 Exploit in the Wild
    http://research.zscaler.com/2010/04/cve-2010-0806-exploit-in-wild.html
    MS10-018
    Worth reading if you suspect you have recently contracted a Keylogger
    Wed, Dec 31 2008
    http://www.curse.com/forums/p/71996/376192.aspx
    EXPLOIT of IE6 Vulnerability in the Wild
    April 2006
    http://www.nist.org/news.php?extend.102
    Flash player exploit installs keylogger
    Aug 2005
    http://www.tacticalgamer.com/hardwa...-flash-player-exploit-installs-keylogger.html
    Cyber criminals using eCards to deliver malicious rootkit and keylogger exploits
    http://www.keylogger.org/news-world...ious-rootkit-and-keylogger-exploits-1209.html
    Key Logger Malware: Key Stroke and Screen Capture
    October 6, 2008
    http://webcache.googleusercontent.c...y-logger-malware.pdf keylogger exploits&hl=en
    Common spam hides keylogger Trojan
    Trojan: Mal/Zbot-U
    http://www.sophos.com/security/threat-spotlight/061810-threat-spotlight.html
    Windows Shortcut Vulnerability keylogger
    Troj/Chymin-A
    http://www.sophos.com/security/threat-spotlight/073010-threat-spotlight.html
    ------------end references-----------------------
     
    Last edited: Sep 2, 2010
  19. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    I usually turn off keyboard and screen monitoring in Comodo. The chances that 1) I will download a keylogger 2) the AV scan won't catch it, and 3) the firewall won't block it, are pretty slim.
     
  20. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hi guest! What is this test? The file I downloaded is named antitest.exe and has a GUI.o_O
     
  21. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    To be fair, I tested it against Prevx, and it was detected immediately. However, I 'infected' myself on purpose to see how Prevx did when being 'infected'.

    Prevx SafeOnline could not stand a chance against this new TestTool. Even though settings at max on a https site, it could take screenshots, log my keystrokes and access to my clipboard.

    What a piece of wonderful TestTool!
     
  22. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    I tried it.... I let it RUN!!! Prevx Passed all tests except all the System Protection and Screenshot tests.


    Prevx SafeOnline latest stable build. v.3.0.5.199 Settings: MAXIMUM
    TestTool: Running as Admin
    Browsers: Running as Admin

    Prevx Detected the tool (but I let it run and infect me)

    Browser: Opera
    • Keylog (Passed)
    • Webcam (N/A) (I don't have a webcam LOL)
    • Clipboard (Passed)
    • SYSTEM PROTECTION test (All tests failed)
    • Screenshot tests (All tests failed but...)


    Browser: Internet Explorer
    • Keylog (Failed)
    • Webcam (N/A) (I don't have a webcam LOL)
    • Clipboard (Passed)
    • SYSTEM PROTECTION test (All tests failed)
    • Screenshot tests (All tests failed but...)

    Browser: SRWare Iron
    • Keylog (Failed)
    • Webcam (N/A) (I don't have a webcam LOL)
    • Clipboard (Passed)
    • SYSTEM PROTECTION test (All tests failed)
    • Screenshot tests (All tests failed but...)

    You had to make Spyshelter TestTool the main window to click the screenshot button... thus Prevx does not intercept screenshots since you have to make the browser the main window for Prevx to block the screenshot. (not really a fail for me but still. as long as it can take screenshot even a tiny corner of my browser I consider it a fail)

     
    Last edited: Sep 29, 2010
  23. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Can anyone try KeySrambler?

    Thanks
     
  24. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Can't you ?
     
  25. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    Keyscrambler PASSED Keylogging test. :thumb:
    the rest FAILED


    Other tests here
     
    Last edited: Sep 29, 2010
Loading...
Thread Status:
Not open for further replies.