Trusteer Bypassed !

Is this the same simulator first mentioned here:https://www.wilderssecurity.com/showthread.php?t=305848? If yes, this is not cat and mouse, rather an existing simulator.

 

I don't know - we've never gotten access to the simulator. The MRG forum says:

"We really can’t understand why they have not protected their users from this attack since an organisation we have been working with offered them access to this simulator some time ago – on condition they signed an MNDA"

Despite asking them now over two months ago, we never had the organization contact us on their behalf about this so we've never had the opportunity to change/test it.

However, we have made significant improvements to our protection recently against real threats (not simulators), hence my post earlier We have ongoing testing taking place by several third party companies who work with us to ensure the protection of WSA is extremely strong.

 

Joe, what you are saying is completely untrue.

We have been working on a project with an internationally respected organization covering financial malware and its ability to bypass most security software. As part of this project Prevx 3.X failed against the simulator used.

The organization we have been working with has contacted every vendor who failed against our simulator, including Webroot and offered them access to the simulator – which is the same simulator used in the youtube video.

We also gave you access to this simulator several months ago whilst WSA was in beta.

All these facts are documented.

I really don’t know why you are publishing these false statements, but I suggest you refrain from publishing any more, since as you know, we have all the emails from you confirming we gave you access to the simulator and we also recorded a video of you analyzing it in our VMs!

Your attitude has already resulted in us turning Webroot down as a client, I suggest you change your behavior before you do more damage.


Regards,
Sveta

 

It looks like I wasn't told when the organization contacted us, so someone within Webroot did get notified at least (although the thread between Chris and I made me believe I was still waiting for an email ). I'm still waiting to hear the full side of the story but this looks to be a miscommunication (and deviating substantially from the original intent of this thread!)

Also regarding the simulator during the pre-beta phase: If you've watched the video of the last time I connected to your VMs, then you'll know that Chris and I deduced there was no problem - it just wasn't identifying the active website, but if you waited a few seconds, it then protected it. This was changed on-the-spot and Chris verified it was working properly.

 

Joe, firstly, it would be unlawful for you to post any of our emails in public.

Secondly, it is NOT the external testing company who is sending the MNDA and the simulator, it is the media organization. The MNDA they are sending is our standard MNDA – which we sent to you some weeks ago, but this has not been returned to us.

Just to clarify – the simulator we used in the project with the media organization which bypassed Prevx 3.X is the same simulator we gave you access to when WSA was in beta. It is this same simulator which we used to bypass the latest version of WSA in the YouTube video.

We have made it clear that we will give you access to this simulator again once we receive our signed MNDA. You can send it to us or the media organization.

I want to make it perfectly clear that we have NOT withheld this simulator from you. All you have needed to do was return our MNDA and the simulator will be provided.

Regards,
Sveta

 

I just edited my previous post to reflect as such - I've apparently been waiting for the wrong NDA We were expecting an NDA from another company and took it as a slap in the face to have not received the further communication back yet from the testing firm. It's good to know this hullabaloo is because of a mis-crossed email - I believe you've been copied on all of the emails I received so I think you can understand what impression I was under.

 

A months has passed now.... Any news about this? Are recent versions of WSA addressing the simulator? Thanks

 

Yes they are (around build 54, we're currently on 82).

 

Excellent, thanks! Funny there has been no re-test yet on the new version.
As usual, the good news makes no news