MRG Effitas » News

MRG Effitas Online Banking Test Featured on BBC Click

Sveta — Sat, 04 Feb 2012 17:30:15 +0000

http://www.youtube.com/watch?v=EUGTlVSefeo

BBC bases TV programme on MRG Effitas Online Banking Browser Security tests

Sveta — Thu, 02 Feb 2012 22:26:37 +0000

MRG Effitas has been working with the BBC on a programme which investigates and analyses the impact of financial malware on online banking security.

http://www.bbc.co.uk/news/technology-16812064

Chris Pickard, Methodology & Research director of MRG Effitas and CEO of the Effitas Group has worked with Spencer Kelly, presenter of BBC Click in creating the programme which is to be broadcast worldwide on the BBC News channel on Seturday the 4^th of February.

The programme features a test by MRG Effitas demonstrating that a custom piece of crimeware is able to bypass a range of security suites and capture the username and password entered in to a banking website.

You can hear Spencer Kelly discussing the upcoming programme here:

http://news.bbc.co.uk/1/hi/programmes/click_online/9692312.stm

We will be publishing a follow up report on Saturday to coincide with the broadcast of the programme.

Largest Cyber Attack Ever?

Sveta — Fri, 20 Jan 2012 16:23:05 +0000

Targets: U.S. Department of Justice, FBI, U.S. Copyright Office, RIAA, Universal Music, Broadcast Music Inc, Motion Picture Association of America…

Damage: Unknown

Attacker(s): Hacktivist Group Anonymous

Cyber Crime Diary , January 2012

Sveta — Thu, 19 Jan 2012 13:00:40 +0000

1. Target: Symantec corp.

Damage: Surce code stolen

Attacker(s): Dharmaraja group (India)

2. Target: South African Postbank

Damage: $6.7 million

Attacker(s): Unknown

3. Target: Zappos.com

Damage: 24 million customer details compromised

Attacker(s): Unknown

4. Target: Japanese Space Agency

Damage: Login information to gain access to a cargo shuttle that carries food and equipment to the International Space Station (ISS) has been stolen

Attacker(s): Unknown

Modern Warfare 2012

Sveta — Mon, 02 Jan 2012 18:03:44 +0000

Rootkit, Bootkit, Adware, Backdoor, BHO, Downloader, Email Worm, Exploit, Flooder, Hack Tool, Hoax, Script, HTML, VB, JS, Bat, Fat, Net Worm, P2P Worm, Packed, Constructor , Packer, SQL, IM Worm, PWS, Spy, Dropper, Banker, Clicker, Proxy, SMS, GameThief, Ransom, Virus, Worm, Spyware, Fake AV, Fraud, Win32, Win64, Android….

Above is a list detailing just some of the malware categories MRG Effitas processes in its labs. Each individual category of malware may have tens or hundreds of thousands of variants. Each and every day, each category will spawn tens of thousands more variants.

The war is on, let’s work smart and join forces and win it!

MRG Effitas Team.

MRG Effitas Flash Tests – New Testing Specification

Sveta — Fri, 04 Nov 2011 20:12:51 +0000

MRG Effitas is happy to announce that from now on we will be using a new testing specification for our Flash Tests. The methodology remains the same, however, we will now be using 200 0-day malware samples in each test.

List of participants by category:

Standalone Anti-Malware Applications:

Avira Antivir Premium
Avast Pro Antivirus
AVG Antivirus
BitDefender Antivirus
Emsisoft Anti-Malware
Eset Nod32 Antivirus
F-Secure Antivirus
GFI VIPRE Antivirus
IKARUS virus.utilities
Kaspersky Antivirus
Microsoft Security Essentials
McAfee Antivirus Plus
Panda Cloud Antivirus
SourceFire Immunet Plus
Symantec Norton Antivirus
Webroot SecureAnywhere

Complementary Anti-Malware Applications:

Malwarebytes’ Anti-Malware
SUPERAntispyware Professional
Zemana Anti-Malware powered by HitmanPro

HIPS, AntiLogeers, Behaviour Blockers:

SoftSphere DefenseWall HIPS
Zemana AntiLogger

Is Online Banking safe? MRG Effitas Poll Results

Sveta — Tue, 01 Nov 2011 18:06:16 +0000

MRG Effitas Begins Defining Anti-Malware Testing Certification Standards

Sveta — Wed, 26 Oct 2011 16:46:30 +0000

Due to the lack of any independent certification of Anti-Malware or IT security testing, MRG Effitas has started the process of rationalizing and rigorously defining its testing philosophy, objectives and methodology before having these ISO 9001 certified. We would welcome … Continue reading →

Earthquake In Turkey

Sveta — Sun, 23 Oct 2011 21:30:22 +0000

There has been a huge earthquake in Turkey today which has caused an as yet unknown loss of life and large scale destruction. The earthquake of magnitude 7.2 occurred at 1:41 p.m. local time and there were at least seven large aftershocks.

We have several good friends in the country and are in the process of trying to contact them to ensure they are okay.

We send our best wishes to the people of Turkey and hope there are as few casualties as possible.

Microsoft Takes Down Kelihos Botnet

Sveta — Thu, 29 Sep 2011 19:03:55 +0000

Continuing its legal assault on botnet operators and the hosting companies that the criminals use for their activities, Microsoft has announced new actions against a group of people it contends are responsible for the operation of the Kelihos botnet. The company has also helped to take down the botnet itself and says that Kelihos’s operators were using it not only to send out spam and steal personal information but also for some more nefarious purposes.

Kelihos, which is sometimes grouped in with the more well-known Waledac botnet, is a fairly small botnet, at an estimated 41,000 machines, but Microsoft officials said that the network was being used for a large variety of activities, including child pornography. Microsoft on Tuesday notified the defendants in the civil cases it has filed in relation to the Kelihos botnet and last week the company also got a temporary restraining order in federal court in Virginia against a man in the Czech Republic named Dominique Alexander Piatti and 22 unnamed people in connection with the operation of the botnet.

“On Sept. 22nd, Microsoft filed for an ex parte temporary restraining order from the U.S. District Court for the Eastern District of Virginia against Dominique Alexander Piatti, dotFREE Group SRO and John Does 1-22. The court granted our request, allowing us to sever the known connections between the Kelihos botnet and the individual “zombie computers” under its control. Immediately following the takedown on Sept. 26th, we served Dominique Alexander Piatti, who was living and operating his business in the Czech Republic, and dotFREE Group SRO, with notice of the lawsuit and began discussions with Mr. Piatti to determine which of his subdomains were being used for legitimate business, so we could get those customers back online as soon as possible. We are also beginning our efforts to notify the other John Doe defendants in this case, and will be actively continuing our investigation to find out more about the people behind this botnet,” Richard Boscovich, senior attorney in Microsoft’s Digital Crimes Unit, said in a blog post on the takedown operation.

The restraining order allowed Microsoft to disable the IP addresses and domains involved in the Kelihos botnet’s operation without notifying the alleged operators in advance. The botnet comprised just two IP addresses running the command-and-control servers and 21 separate domains. In its petition for the restraining order, Microsoft said that Kelihos-infected machines sent out huge volumes of spam, including the typical stock and pharmaceutical scams, but also some messages that appear to promote sites engaged in child pornography.

This is the latest in a series of similar actions that Microsoft’s Digital Crimes Unit has initiated against botnets in the last couple of years. In March the company and researchers from FireEye took down the Rustock botnet, which was a much larger and more disruptive network than Kelihos. A year earlier, Microsoft helped take down the Waledac botnet with similar tactics.

But the takedown of Kelihos and the related legal action is different from previous operations in that not only is Microsoft going after the botnet domains and IP addresses, but it is naming the person that it considers to be responsible for the operation of the network. Boscovich also said in his blog post that Microsoft hopes the Kelihos takedown will send a message to botnet operators and hosting providers about the company’s seriousness in addressing the problem.

“Naming these defendants also helps expose how cybercrime is enabled when domain providers and other cyber infrastructure providers fail to know their customers. Without a domain infrastructure like the one allegedly hosted by Mr. Piatti and his company, botnet operators and other purveyors of scams and malware would find it much harder to operate anonymously and out of sight. By taking down the botnet infrastructure, we hope that this will help deter and raise the cost of committing cybercrime,” Boscovich wrote.

- Threat Post