Trusteer Rapport easily bypassed, virtually useless

Status
Not open for further replies.

Hungry Man

New Member
Thread author
Jul 21, 2011
669


Unbiased Review of Trusteer Rapport, Neil Kettle at 44CON London September 2011.

Here's a fun quote: "Anyone who can read even a line of assembler can bypass Trusteer Rapport on both OSX and Windows."

Basically, if you can point to any part of this program you can say "this piece doesn't work." It is not only a fundamentally flawed idea but the execution is awful (the encryption is laughable; essentially, if you type a it encrypts to b, etc.). There are multiple, very simple ways to bypass the would-be protection entirely and with very few lines of code.

It would be one thing if TR publicly said "Yeah, this is only for legacy malware" but it makes outrageous and overspectacular claims that it can stop 0day keyloggers etc.
 

Vextor

Yup, I know it's useless, however my bank thinks it's a piece of genius.
 

Hungry Man

New Member
Thread author
Jul 21, 2011
669
http://www.digit-security.com/blog/?p=333

More information. It seems they released a patch, hinted in the article as not doing the trick. They have never addressed the completely useless encryption/obfuscation.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
There are alternate tools you can use; HitmanPro Alert, Prevx SafeOnline (AFAIK)
 

woodrowbone

Level 10
Verified
Dec 24, 2011
480
I sent TR support team a link to the video asking them if the issues are fixed, will return with their answer if I get one? :angel:

/W
 

TrusteerSupport

New Member
Nov 22, 2012
1
woodrowbone said:
I sent TR support team a link to the video asking them if the issues are fixed, will return with their answer if I get one? :angel:

/W

Hey Woodrowbone,

The specific bypass described in the video is no longer possible; Rapport's new versions do not allow it.

Trusteer and the banks we work with are constantly testing Rapport against financial malware to make sure it provides the most effective protection possible. We strongly encourage members of the security community to test Trusteer Rapport against financial malware.

The strength of Trusteer Rapport is in its ability to detect, block, and remove financial malware as demonstrated by this report: http://www.trusteer.com/sites/default/files/Mandiant.pdf.

The Register had a piece about it as well: http://www.theregister.co.uk/2011/10/11/trusteer_rapport_security_bypass/

If you can find financial malware that successfully operates on a Rapport protected machine please let us know, publicly or privately. We offer money rewards for anyone who can provide us with a sample of a live financial malware “in the wild” that successfully operates on a Rapport protected machine.

If you wish to continue this discussion, here or privately, we would be happy to do so.

Regards,
Alex Man
Trusteer Technical Support
 