MRG Effitas BBC Follow Up Test UPDATE

On Tuesday (Feb. 7th), MRG Effitas will be publishing a follow-up test to the one we conducted for the BBC Click programme.

We will re-test the latest versions of the applications featured in the BBC report and also include some new ones.

We will use the same type of simulator we used for the programme.

All the vendors who failed in the report were sent the simulator. The purpose of the test will be to see if any of the vendors who failed have since been able to protect against this tool.

The test replicates a targeted attack using a custom piece of crimeware designed to capture a user's banking or corporate logon credentials.

The vendors who will be tested are as follows:

  • AVG Internet Security
  • BitDefender Internet Security
  • Bullguard Internet Security
  • Comodo Internet Security
  • Emsisoft Anti-Malware
  • ESET Smart Security
  • F-Secure Internet Security
  • Ikarus Virus Utilities
  • Immunet Plus
  • Kaspersky Internet Security
  • Norton 360
  • Panda Internet Security
  • Quarri Protect On Q
  • SoftSphere Defense Wall
  • Sophos Endpoint Security
  • Trend Micro Titanium Internet Security
  • Trusteer Rapport
  • VIPRE Internet Security 2012
  • Webroot SecureAnywhere
  • Zemana AntiLogger
  • ZoneAlarm Internet Security

BBC bases TV programme on MRG Effitas Online Banking Browser Security tests

MRG Effitas has been working with the BBC on a programme which investigates and analyses the impact of financial malware on online banking security.

http://www.bbc.co.uk/news/technology-16812064

Chris Pickard, Methodology & Research Director of MRG Effitas and CEO of the Effitas Group, has worked with Spencer Kelly, presenter of BBC Click, in creating the programme, which is to be broadcast worldwide on the BBC News channel on Saturday the 4th of February.

The programme features a test by MRG Effitas demonstrating that a custom piece of crimeware is able to bypass a range of security suites and capture the username and password entered into a banking website.

You can hear Spencer Kelly discussing the upcoming programme here:

http://news.bbc.co.uk/1/hi/programmes/click_online/9692312.stm

We will be publishing a follow-up report on Saturday to coincide with the broadcast of the programme.

Single Product Flash Test – IKARUS virus.utilities, January 2012

Single Product Flash Test

Product: IKARUS virus.utilities

Product Version: 2.0.74

Operating System: Windows 7 32-Bit

Amount of samples used: 50

Results Table:

Trojans Set 1  Trojans Set 2  Backdoors  Spy/PWS   Other
Harig          Jorik          Poison     Adramax   AutoRun
Midgare        Vilsel         Bifrose    Zeus      FakeAV
Zmunik         Swisyn         Sdbot      Lmir      TDSS
Cosmu          Sasfis         Kbot       Banker    Ngrbot
Autoit         Pincav         Shark      Papras    PornoAsset
Refroso        Buzus          Hupigon    QQShou    Cerohar
Inject         Liac           DsBot      Dybalom   LockScreen
Cidox          Diple          Zegost     Usteal    Krap
StartPage      Yakes          Turkojan   SpyEye    Vobfus
Vapsup         FakeSysdef     Gbot       LdPinch   Gimemo

System Status: Secure

Legend:

Green – Passed

Red – Failed


Carberp Hits Facebook Users

Facebook users are being targeted in a new man-in-the-browser (MitB) attack that attempts to steal money by duping the user into redeeming an e-cash voucher.

The malware is a new configuration of the Carberp Trojan, according to security firm Trusteer. Carberp replaces any Facebook page the user navigates to with a fake page notifying the victim that his or her Facebook account is “temporarily locked”.

The user is then asked to enter their name, email address, date of birth and password, followed by the number of a €20 Ukash voucher to “confirm verification” of their identity and unlock the account. Ukash is an e-money network that allows customers to anonymously exchange cash for vouchers that can be spent online.

Cyber Crime Diary, January 2012

1. Target: Symantec Corp.

Damage: Source code stolen

Attacker(s): Dharmaraja group (India)

2. Target: South African Postbank

Damage: $6.7 million

Attacker(s): Unknown

3. Target: Zappos.com

Damage: 24 million customer details compromised

Attacker(s): Unknown

4. Target: Japanese Space Agency

Damage: Login information granting access to a cargo shuttle that carries food and equipment to the International Space Station (ISS) was stolen

Attacker(s): Unknown

Single Product Flash Test – Symantec Norton Antivirus, January 2012

Single Product Flash Test

Product: Symantec Norton Antivirus 2012

Product Version: 19.2.0.10

Operating System: Windows 7 32-Bit

Amount of samples used: 50

Results Table:

Trojans Set 1  Trojans Set 2  Backdoors  Spy/PWS   Other
Rammit         Diple          DsBot      LdPinch   Krap
Inject         Menti          Cycbot     Banbra    FakeAV
Rozena         Cidox          Zegost     Zeus      Alureon
Vilsel         Lampa          Havar      Chekafev  Digitala
Injector       Rimecud        Agobot     Adramax   Vobfus
Buzus          Midgare        Shiz       Lmir      Pdfka
Refroso        Pakes          Hupigon    SpyEye    Ransom
Liac           Small          Simda      Bjlog     AutoRun
Renos          Chifrax        Wuca       Kykymber  VBNA
Scar           Otran          Simbot     QQLogger  ZAccess

System Status: Compromised

Legend:

Green – Passed

Red – Failed


Modern Warfare 2012

Rootkit, Bootkit, Adware, Backdoor, BHO, Downloader, Email Worm, Exploit, Flooder, Hack Tool, Hoax, Script, HTML, VB, JS, Bat, Fat, Net Worm, P2P Worm, Packed, Constructor, Packer, SQL, IM Worm, PWS, Spy, Dropper, Banker, Clicker, Proxy, SMS, GameThief, Ransom, Virus, Worm, Spyware, Fake AV, Fraud, Win32, Win64, Android…

Above is a list of just some of the malware categories MRG Effitas processes in its labs. Each individual category may contain tens or hundreds of thousands of variants, and every day each category spawns tens of thousands more.

The war is on, let’s work smart and join forces and win it!


MRG Effitas Team.

Single Product Flash Test – Sourcefire Immunet Plus, December 2011

Single Product Flash Test

Product: Sourcefire Immunet Plus

Product Version: 3.0.5.7688

Operating System: Windows 7 32-Bit

Amount of samples used: 50

Results Table:

Trojans Set 1  Trojans Set 2  Backdoors  Spy/PWS   Other
Cidox          Mudrop         Bifrose    Zeus      TDSS
Rimecud        Hiloti         Ursap      Qbot      Obfuscated
Cosmu          Ramnit         Dsbot      Banker    Ransom
Yakes          Liac           Zegost     Dybalom   Bybz
Genome         Midgare        Poison     Kykymber  AutoIt
Inject         Banload        Trukojan   LdPinch   Pdfka
Delf           Renos          Begman     Banbra    ZAccess
Dipel          Pincav         Cycbot     SpyEye    Alureon
Menti          FakeSysdef     Koutodoor  Carberp   Vobfus
Jorik          Refroso        Hupigon    Pophot    FakeAV

System Status: Secure

Legend:

Green – Passed

Red – Failed