AVAR 2005: wired to wireless, hacker to cyber-criminal?


Righard Zwienenberg

Norman, The Netherlands
Editor: Helen Martin


Righard Zwienenberg reports on the 8th annual AVAR conference in Tianjin, China.

The 8th annual AVAR conference was held on 17 and 18 November 2005 and took place in Tianjin, China.

During the opening session of the conference, media attention was immense, with nearly a dozen camera crews shooting footage. Since the morning's programme featured some high-ranking state officials, there was also a heavy security presence. In the midst of this crowd, AVAR's chairman Seiji Murakami welcomed all delegates and visitors to the conference, speaking partly in Chinese. It was then over to the conference chair, Mr Zhang Jian, to open the conference.

The first speaker was Xu Jianzhuo from China's Ministry of Public Security, who talked about the current cybercrime situation in China. Like any other country, China has its problems with cybercrime, which is on the increase. Mr Jianzhuo explained that instant messaging is also very popular in China and therefore an easy target, with QQ being the most popular messenger. As a nice (if slightly off-topic) anecdote to demonstrate its popularity, Mr Jianzhuo related the story of a farmer who had lost his cow and who used QQ to appeal for information, asking any subscriber to contact him if they knew of the cow's whereabouts.

During the rest of the morning's sessions, the audience was briefed on the malware prevalence and Internet security situation in China and South Korea. Chen Mingqi of the national Computer Network Emergency Response Team (CNCERT) gave a presentation focusing on the problems surrounding botnets. An interesting note I took from his presentation was that, under current laws, the use of a command to remove a bot from an affected system could be an illegal action itself if carried out from a remote system. Mr Wankeun Jeon of the Korea Information Security Agency suggested forcing Windows to be updated through game sites as one of the new Internet security strategies.

The afternoon started with Ralph Liu presenting a model of how to prevent and manage unknown security threats. He was followed by Microsoft's Jason Garms who gave us an insight into the way in which Microsoft assesses ongoing malware prevalence.

Next, Eugene Kaspersky demonstrated that virus writers are now collaborating, both amongst themselves and often with organized crime gangs, and are actively working against anti-virus companies.

On the second day, Vesselin Bontchev informed us about the 'virusability' of Palm OS, the risks, the different means of potential infections and the difficulties involved in making an anti-virus product for these devices. Gabor Szappanos explained the pros and cons of worm traps, going into detail about the different types of trap that can be set up. It was interesting to note that in August, Netsky.Q was still the most prevalent virus caught by Gabor's traps.

Candid Wueest confronted attendees with the current threats posed to online banking. He described the problems with online banking and the situations in which virtual safety does not always mean actual safety. Even though a connection with a bank might be safe, the information may already have been stolen and sent before it is encrypted. Candid also gave some hints and examples on how to make online banking safer.

François Paget gave an overview of the different ways in which one can become infected with spyware and targeted by adware, what it will do to your system, how it hides itself, and what kind of information is vulnerable. More importantly, he explained several ways in which you can examine your systems to find these critters using freely available utilities. He also demonstrated the basics of removing spyware and adware, but indicated that most of the time this is a complex task.

The conference ended with a panel session in which panellists Eric Ashdown, Dmitry Gryaznov and Guillaume Lovet gave a short presentation about new threats on the Internet, the differences from the past and the way in which the Internet is now exploited by organized criminals using malware, phishing and pharming techniques for monetary gain.

After the closing panel, the traditional conference closing ceremony was held and the venue and organizers of the next AVAR conference were announced: AVAR 2006 will be held in Auckland, New Zealand (dates to be announced in due course at http://www.aavar.org/). The role of conference chairman was passed on to Eset's Randy Abrams for 2006. [Good luck Randy! - Ed]


