AVAR 2005: wired to wireless, hacker to cyber-criminal?


Righard Zwienenberg

Norman, The Netherlands
Editor: Helen Martin


Righard Zwienenberg reports on the 8th annual AVAR conference in Tianjin, China.

The 8th annual AVAR conference was held on 17 and 18 November 2005 and took place in Tianjin, China.

During the opening session of the conference, media attention was immense with about a small dozen camera crews shooting footage. Since the morning's programme featured some high ranking state officials, there was also a heavy security presence. In the midst of this crowd, AVAR's chairman Seiji Murakami welcomed all delegates and visitors to the conference, speaking partly in Chinese. It was then over to the conference chair, Mr Zhang Jian, to open the conference.

The first speaker was Xu Jianzhuo from China's Ministry of Public Security, who talked about the current cybercrime situation in China. Like any other country, China has its problems with cybercrime, which is on the increase. Mr Jianzhuo explained that instant messaging is also very popular in China and therefore an easy target, with QQ being the most popular messenger. As a nice (if slightly off-topic) anecdote to demonstrate its popularity, Mr Jianzhuo related the story of a farmer who had lost his cow and who used QQ to appeal for information, asking any subscriber to contact him if they knew of the cow's whereabouts.

During the rest of the morning's sessions, the audience was briefed on the malware prevalence and Internet security situation in China and South Korea. Chen Mingqi of the national Computer Network Emergency Response Team (CNCERT) gave a presentation focusing on the problems surrounding botnets. An interesting note I took from his presentation was that, under current laws, the use of a command to remove a bot from an affected system could be an illegal action itself if carried out from a remote system. Mr Wankeun Jeon of the Korea Information Security Agency suggested forcing Windows to be updated through game sites as one of the new Internet security strategies.

The afternoon started with Ralph Liu presenting a model of how to prevent and manage unknown security threats. He was followed by Microsoft's Jason Garms who gave us an insight into the way in which Microsoft assesses ongoing malware prevalence.

Next, Eugene Kaspersky demonstrated that virus writers are now collaborating, both amongst themselves and often with organized crime gangs where they are actively working against anti-virus companies.

On the second day, Vesselin Bontchev informed us about the 'virusability' of Palm OS, the risks, the different means of potential infections and the difficulties involved in making an anti-virus product for these devices. Gabor Szappanos explained the pros and cons of worm traps, going into detail about the different types of trap that can be set up. It was interesting to note that in August, Netsky.Q was still the most prevalent virus caught by Gabor's traps.

Candid Wueest confronted attendees with the current threats posed upon online banking. He described the problems with online banking and the situations where the virtual safety is not always actually safe. Even though a connection with a bank might be safe, the information may already have been stolen and sent before it is encrypted. Candid also gave some hints and examples on how to make online banking safer.

François Paget gave an overview of the different ways in which one can become infected with spyware and targeted by adware, what it will do to your system, how it hides itself, and what kind of information is vulnerable. More importantly, he explained several ways in which you can examine your systems to find these critters using freely available utilities. He also demonstrated the basics of removing spyware and adware, but indicated that most of the time this is a complex task.

The conference ended with a panel session in which panellists Eric Ashdown, Dmitry Gryaznov and Guillaume Lovet gave a short presentation about new threats on the Internet, the differences with the past and the way in which the Internet is now exploited by organized criminals using malware, phishing and pharming techniques for monetary gain.

After the closing panel, the traditional conference closing ceremony was held and the venue and organizers of the next AVAR conference were announced: AVAR 2006 will be held in Auckland, New Zealand (dates to be announced in due course at http://www.aavar.org/ ). The role of conference chairman was passed on to Eset's Randy Abrams for 2006. [Good luck Randy! - Ed]



Latest articles:

VB2018 paper: Analysing compiled binaries using Logic

In this paper Thaís Moreira Hamasaki provides an introduction to some practical applications of SMT solvers in IT security, investigating the theoretical limitations and practical solutions, focusing on their use as a tool for binary static analysis.

VB2018 paper: Internet balkanization: why are we raising borders online?

Nowadays, walls are not just being raised in the real world, but on the Internet as well. Countries want to isolate themselves and shut down the information they are not comfortable with, or the companies they don’t want to do business with. Freedom…

VB2018 paper: Where have all the good hires gone?

Much ink has been spilled on the subject of the information security skills gap, and how difficult it is to hire and retain people for these positions. And yet, we all know someone who has had a hard time finding a suitable position despite having…

VB2018 paper: Little Brother is watching – we know all your secrets!

In their research, Siegfried Rasthofer, Stephan Huber & Steven Arzt evaluated the security level of the most popular family-tracking apps on Android. They assessed the security of the respective apps and conducted assessments of the corresponding…

VB2018 paper: Inside Formbook infostealer

Formbook is an infostealer that has been advertised for sale in public hacking forums since February 2016 by a user with the handle ‘ng-Coder' but only came to public attention after it was extensively used in spam campaigns in late 2017. This paper…

Bulletin Archive

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.