A forum for reverse engineering, OS internals and malware analysis 

Forum for announcements and questions about tools and software.
 #10263  by w32h4x0r
 Fri Dec 09, 2011 1:52 pm
Hi KM.info board! Congrats to everybody, this board is so useful and there are so many skilled guys here. I learned a lot from reading your posts!

I wanted to share here my experience with the security software Trusteer Rapport. Did you know about it? Its website can be found at this link: http://www.trusteer.com/. It is supposed to be security software able to prevent running malware, such as the trojans ZeuS/SpyEye/Carberp and many others, from stealing credential data inside the browser. Have you ever tried it? I tried to download it and break its security, and I have been able to break its layer of security from user mode in less than 10 minutes.
Rapport’s unique technology blocks advanced Trojans including Zeus, Silon, Torpig and Yaludle without the need to constantly update and chase the different variants of these Trojans. Its proprietary browser lockdown technology simply prevents unauthorized access to information that flows between customer and employee websites regardless of whether these attempts were generated by new or known Trojan variants. Rapport is also capable of preventing very targeted and under the radar phishing attacks.
I published a video about it here: http://bit.ly/s4HtWg

Did you ever try to have a look at this software, which is supposed to be well known and widespread? Your experience is far better than mine, so it would be really important for me to have your feedback. Sorry for my poor English!

w32h4x0r
 #10273  by CloneRanger
 Fri Dec 09, 2011 7:46 pm
Hi, thanks for the test etc :)

Can you PM me a link for the keylogger please, as I'd like to test my security with it ;)

Trusteer has been tested quite a few times on Wilders, here's a comprehensive one https://www.wilderssecurity.com/showthr ... t=trusteer

Another App to test it on would be Webroot SecureAnywhere http://www.prevx.com & PSOL http://www.facebook.com/pages/Prevx-Saf ... 4680228961

Regards
 #10275  by ssj100
 Fri Dec 09, 2011 8:05 pm
Looks like an interesting trojan. I'd also like to have the sample if you're willing to share it. Thanks.
 #10279  by w32h4x0r
 Sat Dec 10, 2011 1:01 am
That executable in the video is proof-of-concept code I wrote to show how trivial it is to bypass Rapport. Tbh I tried Rapport because my bank asked me to download it, to make my online transactions more secure. Is this Webroot SecureAnywhere supposed to do the same things that Rapport is doing (or should do)? If you want me to test this other solution, I can do it for you during the next week. Do you have any other software that you want to be tested?

I wouldn't like to share my binary code, because I don't want my code to be used by malware. I think perhaps the best thing would be just reporting the flaw to the company?
 #10280  by kmd
 Sat Dec 10, 2011 1:32 am
Rapport not available for direct download? Assume they're using SSDT hooks in the protection driver?

AFAIK SpyEye effectively bypasses it, at least gribodemon claims that in the SpyEye history log.
 #10281  by ssj100
 Sat Dec 10, 2011 2:06 am
w32h4x0r wrote: Is this Webroot SecureAnywhere supposed to do the same things that Rapport is doing (or should do)?
Yes, except I think Webroot SecureAnywhere state they use different methods to Rapport, and often imply that they are superior.

Other software that specifically claims to have such protection measures includes:
DefenseWall: http://www.softsphere.com/downloads/
Zemana AntiLogger: http://zemana.com/Download.aspx
BufferZone Pro: http://www.trustware.com/download/
SpyShelter: http://www.spyshelter.com/download.html
KeyScrambler: http://www.qfxsoftware.com/download.htm
Neo’s SafeKeys: http://www.aplin.com.au/

If you're not willing to share the POC, would be great if you could test the above. Thanks, and great work! We need more people like you around to bring others back down to earth!
 #10283  by CloneRanger
 Sat Dec 10, 2011 9:55 am
@ w32h4x0r

Hi, I can understand your reasons for not wanting to share your code. Pity we can't test it though :cry: Here are a few more Apps which are "supposed" to offer protection, that you might like to add to your tests ;)

OnlineArmor - http://www.online-armor.com

Comodo Internet Security - https://www.comodo.com/home/internet-se ... curity.php

@ kmd

Yes, Rapport is available for direct download - http://www.trusteer.com/webform/download-rapport
 #10295  by Trusteer Support
 Sun Dec 11, 2011 12:27 pm
Hello,

We are very interested in learning more about the vulnerability you have found. In case it is indeed a breach in Rapport's security we have every intention of fixing it.

You can contact us by submitting a ticket in the following link: http://www.trusteer.com/support/submit-ticket

Thank you for your cooperation.
Trusteer Technical Support