AVAR 2005: wired to wireless, hacker to cyber-criminal?


Righard Zwienenberg

Norman, The Netherlands
Editor: Helen Martin


Righard Zwienenberg reports on the 8th annual AVAR conference in Tianjin, China.

The 8th annual AVAR conference was held on 17 and 18 November 2005 in Tianjin, China.

During the opening session of the conference, media attention was immense, with nearly a dozen camera crews shooting footage. Since the morning's programme featured some high-ranking state officials, there was also a heavy security presence. In the midst of this crowd, AVAR's chairman Seiji Murakami welcomed all delegates and visitors to the conference, speaking partly in Chinese. It was then over to the conference chair, Mr Zhang Jian, to open the conference.

The first speaker was Xu Jianzhuo from China's Ministry of Public Security, who talked about the current cybercrime situation in China. Like any other country, China has its problems with cybercrime, which is on the increase. Mr Jianzhuo explained that instant messaging is also very popular in China and therefore an easy target, with QQ being the most popular messenger. As a nice (if slightly off-topic) anecdote to demonstrate its popularity, Mr Jianzhuo related the story of a farmer who had lost his cow and who used QQ to appeal for information, asking any subscriber to contact him if they knew of the cow's whereabouts.

During the rest of the morning's sessions, the audience was briefed on the malware prevalence and Internet security situation in China and South Korea. Chen Mingqi of the national Computer Network Emergency Response Team (CNCERT) gave a presentation focusing on the problems surrounding botnets. An interesting note I took from his presentation was that, under current laws, the use of a command to remove a bot from an affected system could be an illegal action itself if carried out from a remote system. Mr Wankeun Jeon of the Korea Information Security Agency suggested forcing Windows to be updated through game sites as one of the new Internet security strategies.

The afternoon started with Ralph Liu presenting a model of how to prevent and manage unknown security threats. He was followed by Microsoft's Jason Garms who gave us an insight into the way in which Microsoft assesses ongoing malware prevalence.

Next, Eugene Kaspersky demonstrated that virus writers are now collaborating, both amongst themselves and often with organized crime gangs, actively working against anti-virus companies.

On the second day, Vesselin Bontchev informed us about the 'virusability' of Palm OS, the risks, the different means of potential infections and the difficulties involved in making an anti-virus product for these devices. Gabor Szappanos explained the pros and cons of worm traps, going into detail about the different types of trap that can be set up. It was interesting to note that in August, Netsky.Q was still the most prevalent virus caught by Gabor's traps.

Candid Wueest confronted attendees with the current threats posed to online banking. He described the problems with online banking and the situations in which virtual safety is not always actual safety. Even though a connection with a bank might be safe, the information may already have been stolen and sent before it is encrypted. Candid also gave some hints and examples on how to make online banking safer.

François Paget gave an overview of the different ways in which one can become infected with spyware and targeted by adware, what it will do to your system, how it hides itself, and what kind of information is vulnerable. More importantly, he explained several ways in which you can examine your systems to find these critters using freely available utilities. He also demonstrated the basics of removing spyware and adware, but indicated that most of the time this is a complex task.

The conference ended with a panel session in which panellists Eric Ashdown, Dmitry Gryaznov and Guillaume Lovet gave a short presentation about new threats on the Internet, the differences with the past and the way in which the Internet is now exploited by organized criminals using malware, phishing and pharming techniques for monetary gain.

After the closing panel, the traditional conference closing ceremony was held and the venue and organizers of the next AVAR conference were announced: AVAR 2006 will be held in Auckland, New Zealand (dates to be announced in due course at http://www.aavar.org/). The role of conference chairman was passed on to Eset's Randy Abrams for 2006. [Good luck Randy! - Ed]


