From: eldar@lomi.spb.su (Eldar A. Musaev)
Date: Mon, 18 Feb 91 13:47:13 +0300 (MSK)
Subject: Viruses in the USSR

This is my paper on the situation with viruses in the USSR. It was
written in October-November of 1990, so there are some notes to it:

1) It does not name all viruses in the SU, but this number is NOT too
   high. Maybe there are a couple of dozen, not more. If you have got
   information about a hundred or more viruses in the USSR, don't
   believe it!

2) The Vienna (648) virus is dated to 1987 there. I don't know how it
   could be and where the bug is, but three of my friends independently
   point to 1987 as the first time of our problems with this virus.
   This is the reason why I've left out this date in the paper, though
   ALL other sources point to 1988.

I am trying to make a who-is-who in our field, so I am interested in
names, addresses and fields of interest of antiviral researchers all
over the world. Another (and the ORIGINAL) reason for this interest is
that I am writing (and modifying) a book devoted to the problems
connected with the different badware. I don't want to make a catalog,
but a textbook for students and future antiviral researchers. It is
going on concurrently with research work, so I'm interested in
discussing different ideas as widely as possible.

Eldar A. Musaev
Ph.D., Researcher
Leningrad Division of the Mathematical Institute
Academy of Sciences of the USSR
USSR 191 011 Leningrad, Fontanka 27
email: eldar@lomi.spb.su
       (maybe through fuug.fi, or demos!lomi.spb.su!eldar@fuug.fi)

****************************************************************

Eldar A.Musaev

COMPUTER VIRUSES IN THE USSR

The first time I met a virus in my computer was the end of 1986 -
first months of 1987. It was the well-known Vienna virus (648, COM
files). Since that time I have been closely connected with this problem
and have observed the situation in the USSR. For some reasons it is
hard nowadays to organize an antiviral community in the USSR and get
full information.
Despite that, I have managed to gather a sufficient volume of
information on this problem.

What viruses have circulated in the USSR in this time?

1. 648, COM, Vienna - As I have already said, I got it at the beginning
   of 1987 from the Mathematical Institute in Moscow. They got it at
   the end of 1986 from one of the U.S. universities with a game. It is
   strange, but all sources refer to 1988, so this incident seems to
   be one of the first ones.

2. Dropper, 1701, Falling Letters - I first met it on a computer in my
   institute (Mathematical Institute of the Academy of Sciences,
   Leningrad). The supposed source is the Palace of Pioneers and
   Schoolboys in Leningrad. They could have got it from a game. Most
   likely this game was brought from the West by one of the parents.
   This virus appeared in the USSR approximately in the middle of
   1987(88?).

3. TPxx-family, Yankee Doodle - I've never met them in the wild. I got
   an exemplar of this virus from a friend, who had isolated it during
   recreational work on a computer in one of the Leningrad institutes.
   Some other version I got from S.Abramov (an antiviral researcher in
   Pereslavl-Zalessky) and friends in Leningrad. Possible sources -
   large batches of Bulgarian computers, games.

4. Dark Avenger, Sofia, Eddie - The first time I met and isolated this
   virus was in the autumn(?) of 1989 on a computer bought in West
   Berlin. It was on the disk with a legal exemplar of Disk Manager. It
   seems that this disk was infected during use on an infected
   computer in West Berlin. The first information about this virus in
   the USSR referred to the summer of 1989.

5. Black Friday, Jerusalem(?), Black Hole - The first information I
   heard about this virus referred to the summer of 1988(???). Possible
   sources - West Berlin, South-East Asia.

6. Italy Ball - I got it from friends in the Leningrad Institute of
   Informatics and Automation of the Academy of Sciences in the autumn
   of 1988. The first information referred to the summer-spring of 1988.
7. 532, COM - a safe variant of the 648 virus. There is a suggestion
   that it was made from the 648 virus in the Soviet Union. I am not
   quite sure that it is so. In particular, American sources are
   familiar with this virus, but the stream of programs from the SU to
   the US seems to be too poor to provide an explosion of any Soviet
   viruses, if present at all, to the U.S. The first information on
   this virus is dated to 1988.

BOOKS

As of the autumn of 1990 there were no printed books on this topic.
"Computer virusology" by N.N.Bezrukov is supposed to be published in
the near future. There are some computer-prepared manuscripts (all of
them are in Russian).

1. PC Shield Demo&Tutorial Disk / Sergey Abramov &oth. -
   Pereslavl-Zalessky: Institute of the Program Systems, 1988 -
   contains an approx. 170 Kb data base in Norton Guides format.
   For users.

2. Computer Virusology / N.N.Bezrukov - Kiev: KIIGA, 1988-90
   Depending on the version, from 120 to 700 Kb of manuscript.
   For system programmers, users.

3. Computer viruses and antiviruses / Anatoly Sedoi - Leningrad:
   Novintex, 1990
   About 1.2 Mb of manuscript.
   For system programmers and users.

4. Trojanology / Eldar Musaev - Leningrad: LOMI, 1990
   About 150 Kb of manuscript.
   For students & developers of antiviral software.

PAPERS

There are some papers in new computer journals. Most of them are not
very professional, but are useful as a popular introduction to the
problem. The paper of Bezrukov ([9]) is the only paper which is not
only a popular paper and contains some attempts at a really systematic
approach. The standard structure of the other papers is:

- an introduction to the history and some funny stories on the topic;
- recommendations to avoid any infected software, some words for a
  legal way to obtain programs;
- a list of some viruses with several technical notes (such as
  length, standard victims etc.);
- some words about western antiviral programs, maybe about a couple of
  Soviet ones;
- and an advertisement of the author's antiviral product.

Here is a list of these papers. All of them are in Russian.
1. Some considerations on the computer viruses / A.Chijov (А.Чижов) -
   In the world of PC (В мире ПК) - Moscow: IDG Communication,
   Radio&communication, 1988 - N 1 - p.121-124
   Basic information, some rude words about illegal software.

2. Osipenko A.S. Computer viruses (Осипенко А.С. Компьютерные вирусы) /
   World of PC (Мир ПК) - Moscow: ICE, 1990 - N3 - p.23-30
   Basic information, description of some viruses, some
   recommendations to avoid viruses.

3. Nikolaev A. Attention - virus ! (Николаев А. Осторожно - вирус !) /
   Computer Press - Moscow: Sovaminko, 1990 - N6 - p.3-16
   A review and a summary of the western publications.

4. Lozinski D. One of the soviet antiviral programs: AIDSTEST
   (Лозинский Д. Одна из советских антивирусных программ: AIDSTEST) /
   Computer Press - Moscow: Sovaminko, 1990 - N6 - p.17-20
   An advertisement of the author's antiviral program.

5. Cadloff Andjey Viruses (Анджей Кадлоф Вирусы) / Computer - Moscow:
   Finances&Statistics, Komputer, 1990 - N1 - p.44-47
   The history and some recommendations.

6. Agasandyan G. Don't harm your fellow creature (Г.Агасандян Не вреди
   ближнему своему) / Computer - Moscow: Finances&Statistics,
   Komputer, 1990 - N1 - p.47-49
   Description of 5 viruses.

7. Psemyslav Vnuk 10 Antiviral commandments (Пшемыслав Внук 10
   Антивирусных заповедей) / The same - p.49
   Antiviral recommendations.

8. Ageev C. Wonders in our "zoo" (Агеев К. Чудеса в нашем зоопарке) /
   File (Файл) - Moscow: Mir, 1990 - May - p.61-65
   Descriptions of some viruses and a few words on the history and
   antiviral protection.

9. Bezrukov N.N. Classification of viruses / Intercomputer - Moscow:
   Interunity, 1990 - N3 - p.38-47

RESEARCHERS

There are many individual researchers and small groups in this field,
but it is a main activity only in some joint ventures and small
commercial firms. The only centre where a scientific approach can be
recognized is Kiev.
The main groups are:

Leader        City                Comments
N.N.Bezrukov  Kiev                Computer virusology, analysis,
                                  computer bulletin
S.Abramov     Pereslavl-Zalesski  Antiviral software
C.Ageev       Leningrad           Antiviral software
A.Chizhov     Moscow              Antiviral software

These are only the most evident groups, not individual users. A really
complete list can be found in the appendix.

The main problem of antiviral research in the SU is the absence of
financial support, so most of the work concerns the development of
antiviral software with well-known ideas - active monitors, detectors,
checksum checkers. Fundamental research in this field is practically
impossible nowadays.

VIRUSOLOGY MEETINGS

For a long time the only place for Soviet virusologists to meet
(excluding occasional personal contacts) was the seminar on system
programming in Kiev, organized by N.Bezrukov. This autumn the
"VIRUS-90" conference was held in Kiev, and that was the first
conference of this kind. The only problem with this conference was a
high registration fee (about 100 rubles, that is near to 30-50% of
the monthly salary of a Ph.D. mathematician in a research institute),
so many researchers from non-commercial organizations had no
possibility to participate in this conference. The main topic at the
conference (at least by time) was the description of new antiviral
software.

For additional information see the appendix (written by A.Sedoi,
translated in short by me).

-----------------------------------------

Appendix

(C) Anatoly Sedoy, NovInTex, InfoPro, Leningrad, 1990
(C) Translation in short in English Eldar A.Musaev,
    Mathem.Institute of Acad.of Sci., Leningrad, 1990
You may copy, distribute and make any use of this text free

Anatoliy Sedoy

Antiviral workers and groups in the USSR
(The essence of the catalog of viruses and antiviral software
InfoPro - Leningrad dep. of NovInTex, 1990)

O R G A N I Z A T I O N S

Sci.research centre of        103104, Moscow, Tverskoy b. 7/2
computer security
Director: Alexander S.
Ageev                         (095) 203-99-85
                              (095) 202-81-16
                              Antiviral software

Kiev's institute of the       252058 Kiev-58, pr.kosm.Komarova 1
Civil Aviation Engineers      k.3 aud.103
Nikolay N. Bezrukov           Dep.of automatization
                              (044) 268-10-26 from 10.00 to 11.00
                              (044) 484-94-63
                              Computer bulletin, researches,
                              antiviral software

InfoPro - Leningrad           191025 Leningrad, Nevskiy pr. 104
dep. of NovInTex              191025 Leningrad box 140
                              (812)2726054
Anatoliy I.Sedoy              Catalog of viruses and antiviral software

Bulletin "InterComputer"      121069 Moscow, ul.Chaikovskogo 20a
joint venture "Interunity"    (095) 202-92-80
Carasic I.Sh.                 Telex: 413932 NIDEL SU
                              Fax : (095) 230-20-35

A N T I V I R A L   S O F T W A R E

a - driver;
b - resident;
c - batch program;
d - active monitor;
e - detector: boot, system, RAM;
f - detector: control while loading program;
g - detector: files on disks;
h - doctor: boot, system, RAM;
i - doctor: cure while loading program;
j - doctor: cure files on disks;
k - commercial product.

(Russian alphabetical order, +/- - yes/no, o/. - no information)

Organization or name        Address             a b c d e f g h i j k
--------------------------- ------------------- -------------------------
"Ampersand", Sci.-Tech.     123060, Moscow      Antiviral package "Revisor"
cooperative                 box 439,
NTK "Ampersand"             (095) 492-21-54     o o o o o o o o o o +

"BIS"                       340055, Donetsk,    Antiviral IMMUNER
Sci.-Ind.Coop.Firm          Universitetskaya    o o o o o o o o o o +
                            ul. 25
                            (062-2) 93-10-21    DISINFECTOR
                            (0562) 24-88-81     o o o o o o o o o o +

Bulletin "Intercomputer"    121069 Moscow,      Authorisation access
joint venture Interunity    ul.Chaikovskogo,    package "Watchdog"
Carasik I.Sh.               20a
                            (095) 202-92-80     . . . . . . . . . . +
                            Fax: (095) 230-20-35

Header Comp.Centre          1....., Moscow      AIDSTEST.exe
of GosPlan USSR             (095) 292-40-76     - - + - + - + + - + +
Lozinskiy D.N.

Header comp.centre of       1....., Moscow      ANTI-KOT.exe
MinChim USSR                (095) 227-00-04     - - + - + - + + - + +
Oleg A. Cotic               add. 25-20

"Data service",             Estonia, 203600,    ANTI3008.exe
Small enterprise            Pyarnu, ul.Ruitli   - - + - - - + - - + o
Bazhenov J.E.               21/23
                            (01444) 41-703

"Omega-IIT",                198052,Leningrad    Cassandra - AV system
Eldar A. Musaev             5-aya Krasnoar-     - + + + + + + + + + +
                            meiskaya 12/15
                            (812)2926470
Internet: eldar@lomi.spb.su

"Dialog", soviet-american   19....,Leningrad    Antiviral package
joint venture, Leningrad    Fontanka 46         CERBER
department                  (812) 311-04-52,    - + + + + + + + - + +
Cyrill Yu. Ageev            (812) 311-08-93
Tsal I. Michael             (812) 560-01-73
                            Fax: (812) 315-15-66

Institute of Applied        125047, Moscow      VIRUS_D1.exe
Mathematics AS USSR         Miusskaya pl. 4     - - + - + - + + - + o
Vitaly S. Ladygin           (095) 333-65-12

"InterQuadro", joint        125130, Moscow      Antiviral tools in
soviet-french-italy         2-Novopodmoskov-    educational package
venture                     ny per. 4           o o o o o o o o o o +
Victor E. Figurnov          Dep.of mathemat. development
                            (095) 150-92-01,
                            (095) 259-92-04
                            Telex : (871) 413560 KVINT SU
                            Fax : (095) 943-00-59

"Kris", sci.-ind.coop.      194021,Leningrad    VCHECK.sys
Korolyev S.A.,              ul.Chlopina 11      + - - + + + - + + - +
Marshak Yu.L.,              (812) 534-49-07,
Savchenko S.P.              (812) 534-10-86

"Magistr", software         1....., Moscow      PROTEK - hard disk
centre                      (095) 464-81-72,    protection
                            (095) 464-80-90     o o o o o o o o o o +

"Mobile Virusology Labor."  25...., Kiev        ADOCTOR.com, MVL.com
ShaLeem Ltd. Corp.          (044) 417-53-00,    - - + - - - + - - + -
SHApovalenko Sergei,        (044) 417-61-76
Wl.von LEEMan
(Name maybe a joke, phones are correct)

"New Informational Tech-    119517 Moscow,      VR.exe
nologies - NovInTex"        ul.Nezhinskaya      - - + - + - + + - + +
joint venture "Sip"         13
Osipenko A.                 (095) 442-57-92
                            Fax: (095) 943-00-72

"NovInTex" Leningrad        191025,Leningrad    VACcine V - AV system
dep. "InfoPro"              Nevsky 104          - + + + + + + + - + +
group "SoftUnion"           (812) 272-60-54
Kireenko I.

The same                    The same            ANTI2888.exe - TP viruses
Pavel V. Semyanov                               - - + - + - + + - + -

"NovInTex" Tver departm.    1700021, Tver,      DOG - AV package
"Tver"                      (08222) 9-66-69     - + + o + o + + o + +

"OFIS", NPG                 1......, Moscow     DIAGAIDS.exe,
Agasandyan George           (095) 129-17-44     DIAG-LOT.exe
                            (095) 129-39-11     DIAGLOT.exe
                                                - - + - + - + + - + +

"ParaGraf" soviet-american  103051, Moscow      DOCTOR.exe
joint venture               Petrovsky bulv.     (Chi-Doctor,1.14/10/06)
Chizhov Anton               23                  - - + - + - + + - + +
                            (095) 200-25-66,
                            (095) 924-17-81
                            (095) 928-36-88
                            Fax : (095) 931-06-01

PCB MPS (project-constr.    1....., Moscow      CLISTIR.exe
bureau of Railways          (095) 262-99-07     - - + - + - + + - + o
Ministry )
Igor L. Rass

"SAPPHIR" MicroComp.Group   34...., Donetsk     FASTANTI.exe
of VCETr Donetsk railways   (062-2) 91-55-65    - - + - + - + + - + +
Nikulenko D.E.
Serbinenko A.V.

"Terminal", sci.-tech.      103045, Moscow      "SHPRITS" tool to work
coop.                       box 48,             with antiviral(?)programs
                            (095) 148-02-14     o o o o o o o o o o +

"ELIAS", coop. &            127276, Moscow      "Ynjector Panzer"
"Alex Software",            Kargopolskaya 17    o o o o o o o o o o +
research group              (095) 903-04-57

Caspersky E.                1......, Moscow     "Doctor Caspersky"
                            B.Akademichaskaya   - + + + + + + + . + o
                            73 k.3 kv.11
                            (095) 482-60-05
                            from 21.30 to 23.00

O T H E R   A V   S O F T W A R E
( pure information )

DISINFCT        191180 Leningrad Fontanka 76
                CNTTM "Synthes"
                Deineka Alexander M.
                (812) 112-44-12, (812) 315-18-22, (812) 315-34-00
                Designer - Tallinn polytechnical Inst.
                Price: 98.00 rubl.
                Form: A 5.25" copy-protected diskette
                100108 Tallinn, Echitayte tee 5
                EKTA Soft '89
                Ehatamm M.
                (0142) 53-73-21

LFD.com         Leningrad Bolshoi pr. P.S. 59 "Forth-info"
                Larionov D.V.
                (812) 233-34-10, (812) 248-16-61

NO.exe          Igor N. Postnikov
CHECKV.exe      Alexey A. Tereshin
                (812) 296-95-94 (812) 271-25-18

AIDSITAL.exe    "MicroCom", Michael S. Rezhepp
                (812) 277-93-94

CHKVIR.exe      Leningrad Bolshoi pr. P.S. 59 "Forth-info"
                Schachmanski I., Azbel
                (812) 233-34-10, (812) 248-16-61

CONVIR.exe      Institute of Applied Mathematics AS USSR
                Andreev S.V., Chodulev A.B.
                (095) 333-71-89

ANTIC.exe       Mechanical Engineering Research Institute
ANTIE.exe       Belousov V., Semenov A.
FFIND.com       (095) 135-62-98
HEAD.exe

DOCTOR.exe      AcademySoft, Gerasimov V.V.

CMVR.exe        Economic & Statistic Institute,
                Scientific Problem Laboratory
                119517 Moscow, Nezhinskaya 7
                Gusev Alex
                (095) 442-77-55

AV.com          Academy Soft, Strakhov A.

KILLER.com      Zaparovanny Alexey, Himchenko Serge
                Komsomolsky pr. 48/22 kv.39
                InterRus. SBH SoftWare

AntiMol         State Comp.Centre Ministry of Sea Fleet USSR
(package)       Department V-3 (B-3) teleprocessing and development

MGCI.exe        GKWTI & MGCI
                (095) 246-19-23

ANTMUSIC.exe    "Slavich"
                152140 Yaroslavskaya obl. Pereslavl-Zalessky

PCShield        coop. "Term"
                152140 Yaroslavskaya obl., Pereslavl-Zalessky, box.16
                Abakumov A.A., Abramov S.M., Pimenov S.P.
                Chatkevich M.I.
                (095) 359-37-80

DET2890.exe     252056 Kiev pr.Pobedy 37
                Kiev polytechnical inst., dep. of appl. mathem.,
                "Data Traveller"
                Tkachenko V.O.
                (044) 514-26-88

==============================================================