The BSSID is the MAC-based physical address of the wireless router or access point through which the user is connecting to the Internet via WiFi. The new technique is based on identifying the infected system’s BSSID (Basic Service Set Identifier). In the post, Mertens said he had discovered a new malware strain that is using a second technique on top of the IP-to-Geo database lookup. Xavier Mertens, a security researcher with the SANS Internet Storm Center, unveiled a discovery in a blog post last month. Increasing accuracy through layered geo-location methods That said, it has been the most reliable method of determining a user’s actual physical location based on data found on their computer. This IP-to-geo database technique isn’t very accurate. By the same token, an attacker might specifically target computers located in a specific country, or target IPs belonging to a targeted organization. Why does location matter?įor example, a malefactor might avoid infecting addresses from their own country, or they could avoid the IPs that belong to a security vendor. They simply grab the victim’s IP address and check it against an IP-to-geo database to get a victim’s approximate geographical location.īy checking the public IP address used by the victim, an attacker can thus avoid infecting friendlies or security services that could pose a threat to their activities.
Malware operators who want to know the location of their victims usually rely on a simple technique to determine the infected system’s location. You can see the BSSID on Windows systems by running the command: netsh wlan show interfaces | find "BSSID" Mertens said the malware he discovered was collecting the BSSID and then checking it against a free BSSID-to-geo database maintained by Alexander Mylnikov.The malware authors the WiFi AP MAC address (aka BSSID) to geo-locate the systems they have infected. Known as a "Basic Service Set Identifier," the BSSID is basically the MAC physical address of the wireless router or access point the user is using to connect via WiFi. This second technique relies on grabbing the infected user's BSSID. However, in a blog post last month, Xavier Mertens, a security researcher with the SANS Internet Storm Center, said he discovered a new malware strain that is using a second technique on top of the first. While the technique isn't very accurate, it is still the most reliable method of determining a user's actual physical location based on data found on their computer. An anonymous reader shares a report: Malware operators who want to know the location of the victims they infect usually rely on a simple technique where they grab the victim's IP address and check it against an IP-to-geo database like MaxMind's GeoIP to get a victim's approximate geographical location.
0 kommentar(er)
