A Closer Look at Rapport from Trusteer

by Carol~ Moderator - 4/30/10 8:56 AM

In Reply to: NEWS - April 30, 2010 by Carol~ Moderator

From Brian Krebs' "Krebs on Security":

A number of readers recently have written in to say their banks recently have urged customers to install a security program called Rapport as a way to protect their online bank accounts from fraud. The readers who pinged me all said they didn't know much about this product, and did I recommend installing it? Since it has been almost two years since I last reviewed the software, I thought it might be useful to touch base with its creators to see how this program has kept pace with the latest threats.

The basic elements of Rapport, designed by a company called Trusteer, haven't changed much. As I wrote in May 2008, the software works by assuming control over the application programming interfaces or APIs in Windows, the set of tools which allow software developers to create programs that interact with key Windows functionalities.

From that 2008 piece:

Some of today's nastiest data-stealing malware works by hijacking these Windows APIs. For example, keyloggers simply hijack or hook the Windows API that handles the transmission of data from user interfaces, such as the keyboard and mouse. A more advanced type of malware known as a form grabber hijacks the WinInet API which sets up the SSL (think https://) transaction between the user's browser and the encrypted Web site. By hijacking this API, a form grabber can rip out usernames and passwords even when the user is submitting them into a site that encrypts the data during transmission, because it grabs that information at the lower level of the operating system, before it is encrypted.

Trusteer's software examines these and other vital Windows APIs to see if any other process is trying to intercept sensitive data. It then blocks those that do.

Continued here: http://krebsonsecurity.com/2010/04/a-closer-look-at-rapport-from-trusteer/
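
An added example, not part of the quoted article and not Trusteer's code: one generic way to spot a hooked API is to compare the first bytes of the function in memory with a trusted copy and flag a leading jump. It assumes the hook is an inline patch of the function's first bytes (the article does not say how Rapport performs its check); `check_prologue`, the enum and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef enum { PROLOGUE_CLEAN, PROLOGUE_MODIFIED, PROLOGUE_REDIRECTED } prologue_state;

/* True if the bytes begin with a sequence that immediately transfers control elsewhere. */
static int starts_with_redirect(const uint8_t *p, size_t n)
{
    if (n >= 5 && p[0] == 0xE9) return 1;                      /* jmp rel32 */
    if (n >= 6 && p[0] == 0xFF && p[1] == 0x25) return 1;      /* jmp [mem] */
    if (n >= 6 && p[0] == 0x68 && p[5] == 0xC3) return 1;      /* push imm32; ret */
    if (n >= 12 && p[0] == 0x48 && p[1] == 0xB8 &&
        p[10] == 0xFF && p[11] == 0xE0) return 1;              /* mov rax, imm64; jmp rax */
    return 0;
}

/* live: first n bytes of the function as loaded in the process.
 * ref:  the same n bytes from a trusted copy (assumed here: the DLL file on disk).
 * Comparing first means a function that legitimately starts with a jmp is not flagged. */
prologue_state check_prologue(const uint8_t *live, const uint8_t *ref, size_t n)
{
    if (memcmp(live, ref, n) == 0) return PROLOGUE_CLEAN;
    return starts_with_redirect(live, n) ? PROLOGUE_REDIRECTED : PROLOGUE_MODIFIED;
}

/* Constructed sample bytes, not taken from any real DLL or malware sample. */
static const uint8_t clean_ref[12]   = {0x8B,0xFF,0x55,0x8B,0xEC,0x83,0xEC,0x10,0x53,0x56,0x57,0x90};
static const uint8_t jmp_patch[12]   = {0xE9,0x10,0x20,0x30,0x40,0x83,0xEC,0x10,0x53,0x56,0x57,0x90};
static const uint8_t other_patch[12] = {0x90,0x90,0x55,0x8B,0xEC,0x83,0xEC,0x10,0x53,0x56,0x57,0x90};
static const uint8_t movabs_jmp[12]  = {0x48,0xB8,1,2,3,4,5,6,7,8,0xFF,0xE0};

int main(void)
{
    static const char *names[] = {"clean", "modified", "redirected"};
    printf("unpatched:        %s\n", names[check_prologue(clean_ref, clean_ref, 12)]);
    printf("jmp rel32 patch:  %s\n", names[check_prologue(jmp_patch, clean_ref, 12)]);
    printf("non-jump patch:   %s\n", names[check_prologue(other_patch, clean_ref, 12)]);
    printf("mov rax/jmp rax:  %s\n", names[check_prologue(movabs_jmp, clean_ref, 12)]);
    return 0;
}
```

A "redirected" result only says the entry point now jumps somewhere else; security products and other legitimate software also hook APIs this way, so the jump target's owning module still has to be identified before calling it malicious.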