Anti-Rapport attacks detected in the last two years ranged from an early 2009 attempt to de-install it from targeted PCs, to more recent incursions that simply tried to remove the process from memory, Trusteer CEO Mickey Boodaei said.
At least one Zeus attack had used the challenging but potentially serious technique of trying to undermine Rapport's security layer by compromising Windows itself, Boodaei added.
The details emerged after a skirmish last week with security rival Trend Micro over the claimed merger of the two most feared bank theft Trojans, Zeus and SpyEye. One development of this fusion was said to be a new feature that attempted to disable Rapport.
Trusteer subsequently put out a statement saying that the anti-Rapport malware module in question attempted to interfere with an element of its protection that blocked HTML injection.
“This is something that Rapport immediately detects and reacts to by removing the offending software from the computer,” read a response from Trusteer CTO, Amit Klein.
“Zeus has been launching direct attacks against Trusteer for the last couple of years now. There are several different attacks against Rapport incorporated into different versions of Zeus, all of which focus on disabling the software on customer computers. All are successfully blocked by Trusteer. We're probably the most attacked brand in the security industry today,” said CEO Boodaei in a statement offering further elaboration on the theme.
The Rapport system – which connects browser and bank system using an encrypted channel – is considered the leading anti-Trojan tool for online banks that don’t want to go as far as equipping users with virtualised-session USB sticks for access. An example of the latter approach would be IronKey.
The software is used by a range of banks, including ING Direct, Alliance & Leicester, First Direct, The Royal Bank of Scotland, NatWest, and HSBC, plus a range of institutions in the US and Canada.
Trusteer offers the argument that Zeus/SpyEye’s makers take a risk when they attack a specific program such as Rapport because in doing so the malware betrays its presence to monitoring systems.
“It seems to me that in their passion to differentiate service from other malware tools, the authors of SpyEye ignored a simple rule - for malware it's always better to keep a low profile,” said Boodaei of the latest attack.
According to Trusteer, Rapport is not the only security tool that has had to stay sharp to stop Zeus. Only three months ago, Microsoft’s Malicious Software Removal Tool (MSRT) lost its ability to detect the malware only weeks after first adding such capability.