AVAR, China and insecure Wi-Fi networks

Hello from Tianjin in China, and the AVAR 2005 conference. We’re 150 km from Peking, near the Bohai sea. This year’s conference is the eighth annual event for virus analysts from the Asian region, and it’s one of the highlights of an antivirus researcher’s calendar, together with VB, CARO and EICAR.

This year attendance is good, with leading virus analysts along with IT industry people and government officials. For instance, speakers include Dmitry Gryaznov and Igor Muttik from McAfee, Vesselin Bontchev from Frisk and Eugene from…well, we know where he’s from.

There are also speakers from the Chinese Ministry of the Interior, which has done a lot in the past few years to combat cyber crime.

Eugene’s presentation was greeted enthusiastically and there were lots of questions. While he was speaking, I started doing a bit of research. I wanted to check out the wireless Internet connections, as well as mobile devices.

I found three Wi-Fi networks straight away. None of them encrypted traffic, and all of them ran DHCP servers, so anyone in range is handed an IP address and a working connection without ever needing a key. In short, all three were open to war drivers. Tomorrow I’m going to scan for Wi-Fi networks in Tianjin and Peking as well.
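The triage described above (which nearby networks would a war driver get onto without a key?) is easy to automate from an ordinary scan. The following is an added example, not code from the original post or from Kaspersky: it parses the output format of the Linux `iwlist <iface> scan` command and flags every network that is either open or protected only by WEP. The scan text is constructed for the example, with made-up SSIDs and addresses; note that a scan cannot tell you whether an access point runs DHCP, which the post established by actually joining each network.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the format of `iwlist <iface> scan` (Linux wireless-tools).
# Not a capture from the conference; SSIDs and MAC addresses are made up.
SAMPLE_SCAN = """\
wlan0     Scan completed :
          Cell 01 - Address: 00:11:22:33:44:55
                    ESSID:"hotel-lobby"
                    Mode:Master
                    Channel:6
                    Encryption key:off
                    Quality=60/70  Signal level=-50 dBm
          Cell 02 - Address: 00:11:22:33:44:66
                    ESSID:"conference-wifi"
                    Mode:Master
                    Channel:11
                    Encryption key:off
                    Quality=55/70  Signal level=-55 dBm
          Cell 03 - Address: 00:11:22:33:44:77
                    ESSID:"office-net"
                    Mode:Master
                    Channel:1
                    Encryption key:on
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : CCMP
                        Pairwise Ciphers (1) : CCMP
                        Authentication Suites (1) : PSK
                    Quality=40/70  Signal level=-65 dBm
          Cell 04 - Address: 00:11:22:33:44:88
                    ESSID:"legacy-ap"
                    Mode:Master
                    Channel:3
                    Encryption key:on
                    Quality=30/70  Signal level=-72 dBm
"""


@dataclass
class Network:
    bssid: str
    essid: str
    channel: int
    encryption: str  # one of "open", "WEP", "WPA", "WPA2"


def parse_iwlist(text: str) -> list[Network]:
    """Split iwlist output into cells and classify each cell's protection.

    iwlist prints "Encryption key:on" for both WEP and WPA; only WPA/WPA2
    additionally emit an information-element line naming the suite, so a
    key-on cell with no WPA IE is WEP.
    """
    cells = re.split(r"\n\s*Cell \d+ - ", text)[1:]  # drop the interface header
    networks = []
    for cell in cells:
        bssid = re.search(r"Address: ([0-9A-Fa-f:]{17})", cell).group(1)
        essid = re.search(r'ESSID:"([^"]*)"', cell).group(1)
        channel = int(re.search(r"Channel:(\d+)", cell).group(1))
        key_on = re.search(r"Encryption key:(on|off)", cell).group(1) == "on"
        if not key_on:
            encryption = "open"
        elif "WPA2" in cell:
            encryption = "WPA2"
        elif "WPA" in cell:
            encryption = "WPA"
        else:
            encryption = "WEP"
        networks.append(Network(bssid, essid, channel, encryption))
    return networks


def risky_networks(networks: list[Network]) -> list[Network]:
    """Networks a passer-by can use or eavesdrop on without a real secret:
    open ones outright, and WEP ones after a short key-recovery attack."""
    return [n for n in networks if n.encryption in ("open", "WEP")]


def summarize(text: str) -> dict[str, int]:
    """Count networks per protection class for a quick report."""
    counts: dict[str, int] = {}
    for n in parse_iwlist(text):
        counts[n.encryption] = counts.get(n.encryption, 0) + 1
    return counts


if __name__ == "__main__":
    nets = parse_iwlist(SAMPLE_SCAN)
    for n in risky_networks(nets):
        print(f"{n.bssid}  ch{n.channel:<3} {n.encryption:<5} {n.essid!r}")
    print(summarize(SAMPLE_SCAN))
```

Feed it real output with `iwlist wlan0 scan > scan.txt` and `parse_iwlist(open("scan.txt").read())`; on the constructed sample it reports three of four networks as risky, which is the same picture the post paints for the conference venue.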

Next I took a Bluetooth adapter with a range of about 100 metres and walked around the conference hall scanning for Bluetooth devices left in ‘visible to all’ (discoverable) mode. I found plenty.

Overall, I found 9 mobile devices with Bluetooth ‘visible to all’ mode enabled, 8 of them Nokia smartphones. Yes, I know. You’d think that people attending an antivirus conference would know better. In fact, I had been hoping that I wouldn’t find any at all.

The good news is that none of the phones were infected with Cabir. At least, not yet…
