
Killing the enemy

There are certain protection measures that hinder the operation of banking Trojans. Specifically, Trusteer Rapport is an application for securing "the communication between the keyboard and the website". According to its website:

"Rapport secures browser communication from keyboard to website. It detects and prevents Man-in-the-Browser, Man-in-the-middle, phishing, and other attacks launched directly against the user."

We have confirmed in lab tests that ZeuS cannot grab any data on a machine where this software is installed. Unfortunately, the ZeuS guys haven't just been lazing around; in one of the latest samples of the Trojan, we have seen how ZeuS, right after infecting a computer, downloads and executes a second file whose purpose is to render this software useless.



This executable file ends the active processes and overwrites certain files with empty files. As a result, the program cannot be restarted.


The result is extremely interesting, as the program is disabled without the user receiving any message, though the icon of the program disappears.

Update:

After contacting the team in charge of Trusteer, we confirmed that they have implemented some measures to counter the mentioned attack. Although continuous update of security measures is required, we are very pleased to see how quickly the Trusteer team can react and keep up with these attacks.
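
The tampering described above (files overwritten with empty files, with no message shown to the user) can be caught by comparing a security agent's install directory against a known-good baseline. The following is an added example, not code from S21sec or Trusteer; the directory and file names are constructed for the demonstration.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Record size and SHA-256 of every file under root (the known-good baseline)."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(path, root)
            baseline[rel] = (len(data), hashlib.sha256(data).hexdigest())
    return baseline


def check(root, baseline):
    """Compare current state with the baseline; return sorted (finding, relpath) tuples."""
    findings = []
    for rel, (size, digest) in baseline.items():
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            findings.append(("missing", rel))
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        if size > 0 and len(data) == 0:
            findings.append(("emptied", rel))  # file replaced by an empty file
        elif hashlib.sha256(data).hexdigest() != digest:
            findings.append(("modified", rel))
    return sorted(findings)


def demo():
    """Constructed scenario: fake agent directory, baseline, tamper, re-check."""
    samples = {"agent.exe": b"MZ" + b"\x00" * 64, "config.dat": b"k=v\n", "helper.dll": b"MZ\x90"}
    with tempfile.TemporaryDirectory() as root:
        for name, content in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(content)
        baseline = snapshot(root)
        open(os.path.join(root, "agent.exe"), "wb").close()  # overwrite with empty file
        os.remove(os.path.join(root, "helper.dll"))
        with open(os.path.join(root, "config.dat"), "ab") as fh:
            fh.write(b"x=1\n")
        return check(root, baseline)


if __name__ == "__main__":
    for finding, rel in demo():
        print(f"{finding:9} {rel}")
```

Legitimate product updates also change these files, so the baseline has to be refreshed after each one, and the check is only useful if it runs and reports from somewhere the malware cannot silence as well.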


Mikel Gastesi
S21sec e-crime





IPv6 Security (VI)

The last series of posts about IPv6 gave an introduction to the new transport protocol, including some of its security aspects.

It was discussed why IPv6 is necessary, and why it is necessary NOW to get hands-on in order to be prepared for the future. But reality is far away from that.
A recently published report by the OECD, "INTERNET ADDRESSING: MEASURING DEPLOYMENT OF IPv6", confirms that IPv6 deployment is not yet widespread. Although network devices like routers mostly support IPv6, the money needed to implement the new technology is not being spent.

It's the typical deadlock. Administrators don't want to spend time and money implementing IPv6 in their infrastructure because they say that there are no IPv6 applications. And application developers say that there is no infrastructure, so why should I spend money developing applications? So I guess everybody is waiting until day X, when there are really no IPv4 addresses available anymore.

But when will this be? According to potaroo.net, in 513 days!

Time to get prepared!

Clemens Kurtenbach
S21sec e-crime









© Copyright S21sec 2012 - All rights reserved

