About This Blog

Secure Science Corporation is dedicated to computing security. This blog offers topics, advice, and alerts to educate and entertain.


Authors

Lance James

Lance James is an American computer scientist, considered an expert on computer security techniques such as anti-phishing.

Secure Science Blog

Jul 26, 2007

GPCode Evolution

This report contains a description of the more obscure, previously undocumented traits belonging to the GPCode/Glamour trojan. The code is a modified version of the Prg/Ntos family which was detailed in depth during our Encrypted Malware Analysis in November 2006. While a majority of the functionality has not changed since then, this recent variant is distinctive enough to warrant additional research. In particular, the trojan is now equipped with the ability to encrypt a victim’s files on disk. The motive for adding this feature is clearly monetary, as the victim is advised that the files will remain encrypted unless $300 is turned over to the authors, in exchange for a decryption utility.

Jul 19, 2007

De-RansomWare

As some of you may have read in our blog, we wrote an article regarding encrypted malware analysis back in November of 2006. Well, it's reared its ugly head again, this time to the tune of "give us your money or we delete your files". Well, have no fear, for we have released a decoder that will release your files for you.

Apr 29, 2007

Please Forward Your Number to Skype!

Phishing scams for banks aren’t really new, but one received last night came with a new twist. The spam e-mail stated:

Bank of America Warning

Dear Bank of America Customer,

During our regular update and verification we could not verify your current
phone number.
Either your information has been changed or it is incomplete.
Please update your phone number by
CLICKING HERE [http://www.xxxxxxx.de/gallery/albums/userpics/boa/] or on the link: http://www.xxxxxxx.de/gallery/albums/userpics/boa/ [http://www.bankofamerica.com/updatephone]

If this is not completed by April 24 , 2007, we will be forced to suspend
your account indefinitely.


Apr 29, 2007

1 of 10 Fortune 1000's Vulnerable

Nowadays it seems like old-school insecurities like the phf exploit and public DNS zone transfers are a thing of the past. When asked about zone transfers, many security researchers admitted to not checking for them any more, waving them off as a waste of time.


However, this is not always the case. Recent research into the matter by Secure Science's External Threat Assessment Team (ETAT) revealed that 10% of systems polled still allow unauthenticated zone transfers.


Nov 16, 2006

Encrypted Malware Analysis

Secure Science Corporation (www.securescience.net) and Michael Ligh of http://mnin.org put together a paper on an interesting piece of malware. We include a removal kit and Snort signatures. Source code and decryptor are available by request.

The paper can be found at:

http://ip.securescience.net/advisories/pubMalwareCaseStudy.pdf

Enjoy.

Nov 2, 2006

Emerging Threat Analysis

This is an announcement that Secure Science Corporation's Chief Scientist has participated in a recently published book. This is Lance's second book (Phishing Exposed).

No other book on the market today provides the breadth of coverage found in Syngress Force Emerging Threat Analysis: From Mischief to Malicious. As the title suggests, the book deals with the full spectrum of threats while profiling the likely perpetrators. Coverage includes securing Voice over IP, malware prevention and detection, e-mail threats such as phishing and spamming, RFID attacks, and social engineering. With the ever increasing demand for highly skilled IT security professionals, this book fills an immediate need.

Authors:
David Maynor, Lance James, Spammer-X, Tony Bradley, Frank Thornton, Brad Haines, Brian Baskin, Anand Das, Hersh Bhargava, Jeremy Faircloth, Craig Edwards, Michael Gregg, Ron Bandes


More information on this book can be found here:
http://www.syngress.com/catalog/?pid=3670


Oct 18, 2006

Myths on Key-Logging (Virtual Keyboards)

We've been dealing with phishing malware since 2003, and throughout the lifespan of phishing malware, the main method for collecting data has been what's dubbed "form-grabbing". This technique steals the form submissions (POST) from the web client (IE or Firefox) when the user signs into a financial institution's website.

virtualkeyboards.pdf

Here is a PowerPoint presentation we put together focusing on why authentication systems such as Virtual Keyboards and Scramble Pads do not protect against almost all the phishing malware on the Internet today.

Sep 26, 2006

VML Exploit Patched

Microsoft has finally released the VML patch for the recent Internet Explorer 0-day that's been plaguing the Internet.

http://www.microsoft.com/technet/security/bulletin/ms06-055.mspx

Update your Windows systems immediately.


Copyright © 2006 Secure Science Corporation