informis
/
textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/virus/viruses.uss

472 lines
20 KiB
Plaintext
Raw Permalink Blame History

From: eldar@lomi.spb.su (Eldar A. Musaev)
Date: Mon, 18 Feb 91 13:47:13 +0300 (MSK)
Subject: Viruses in the USSR
This is my paper on the situation with viruses in the USSR.
It was written in october-november of 1990, so there are
some notes to it:
1)It does not names all viruses in the SU, but this number
is NOT too high. Maybe there are a couple of dozens, not more.
If you'd got an information about hundred and more viruses
in the USSR, don't beleive it !
2)Vienna (648) virus is dated by 1987 there. I don't know how
it could be and where is a bug but three my friends independently
points out to 1987 as a first time of our problems with
this virus. This is the reason why I've left out this date
in the paper, though ALL other sourcers points out to the 1988.
I try to make who-is-who in our field so I am interested in
names, adresses, fields of interests of antiviral researchers
all over the world. Another (and ORIGINAL) reason for this
interest is that I am writing (and modifing) the book devoted
to the problems connected with the different badware. I don't
want to make a catalog, but a textbook for students and future
antiviral researchers. It is going concurrently with a research
work, so I'm interested to discuss different ideas as wide as
possible.
Eldar A. Musaev
Ph.D., Researcher
Leningrad Division of the Mathematical Institute
Academy of Sciences of the USSR email: eldar@lomi.spb.su
USSR 191 011 Leningrad (maybe through fuug.fi, or
Fontanka 27 demos!lomi.spb.su!eldar@fuug.fi)
****************************************************************
Eldar A.Musaev
COMPUTER VIRUSES IN THE USSR
First time I had met a virus in my computer was the end
of 1986 - first months of 1987. It was well known Vienna
virus (648, COM-files). Since that time I am closely
connected with this problem and observe the situation in the
USSR.
Due to some reasons it is hard nowadays to organize
antiviral community in the USSR and get full information.
Despite that I've could keep together sufficient volume of
information on this problem.
What viruses circulated in the USSR this time ?
1.648, COM, Vienna - As I have already said I've got it at
the beginning of 1987 from Mathematical Institute in Moscow.
They got it at the end of 1986 from one of the U.S.
universities with the game. It is strange but all sources
reffers to the 1988, so this incident seems to be one of the
first ones.
2.Dropper, 1701, Falling Letters - I've met it first at the
computer in my institute (Mathematical Institute of Academy
of Sciences, Leningrad). The supposed source is the Palace
of Pioneers and Schoolboys in Leningrad. They could got it
from game. Most of all, this game was brought from the West
by one of the parents. This virus appeared in the USSR
approximately in the middle of 1987(88?)
3.TPxx-family, Yankee Doodle - oI've never met them in a
wild state. I've got an exemplar of this virus from friend,
who had isolate it during recreational work under the
computer in one of the Leningrad institutes. Some other
version I've got from S.Abramov (antiviral researcher in
Pereslavl-Zalessky) and friends in Leningrad. Possible
sources - big parties of bulgarian computers, games.
4.Dark Avenger, Sofia, Eddie - First time I've met and
isolated this virus was an autumn(?) of 1989 at the computer
bought in West Berlin. It was on the disk with legal
exemplar of a Disk Manager. It seems to be so that this disk
was infected during the use at the infected computer in West
Berlin. First information about this virus in the USSR
referred to the summer of the 1989.
5.Black Friday, Jerusalem(?), Black Hole - First information
I've heard about this virus referred to the summer
1988(???). Possible sources - West Berlin, South-Eastern
Asia.
6.Italy Ball - I've got it from friends in Leningrad
Institute of Informatic and Automatization of Academy of
Sciences in the autumn 1988. First information referred to
the summer-spring 1988.
7.532, COM - safe variant of the 648-virus. There is
suggestion that it was made from 648-virus in the Soviet
Union. I amn't quite sure that it is so. In particular
american sources are familiar with this virus but the stream
of programs from SU to US seems to be very pure to provide
explosion of any soviet vires, if present at all, to the
U.S. First information on this virus is dated by 1988
BOOKS
At the autumn of 1990 there was not printed books on
this topic. Nearest time "Computer virusology" of
N.N.Bezrukov is supposed to be published. There are some
computer prepared manuscripts (all one are in Russian).
1.PC Shield Demo&Tutorial Disk / Sergey Abramov &oth. -
Pereslavl-Zalessky: Institute of the Program Systems, 1988 -
contains approx. 170 Kb data base in Norton Guides format.
For users.
2.Computer Virusology / N.N.Bezrukov - Kiev: KIIGA, 1988-90
Depending on the version from 120 to 700 Kb manuscript. For
system programmers, users.
3.Computer viruses and antiviruses / Anatoly Sedoi -
Leningrad: Novintex, 1990
About 1.2 Mb of manuscript. For system programmers and
user's.
4.Trojanology / Eldar Musaev - Leningrad: LOMI, 1990
About 150 Kb of manuscript. For students&developers of
antiviral software
PAPERS
There are some papers in new computer journals. Most of
them are not very professional, but useful as a popular
introduction in the problem. The paper of Bezrukov ([9]) is
the only paper which is not only a popular paper and
contains some attempts of really systemathic approach.
Standard structure of other papers is:
- an introduction to history and some funnystories on
the topic;
- recommenations to avoid any infected software, some
words for a legal way to obtain programs;
- list of some viruses with several technical notes
(such as a length, standard victims etc.)
- some words about western antiviral programs, maybe,
about a couple of soviet ones;
- and advertisment of the author's antiviral product.
Here is a list of these papers. All ones are in
Rusian.
1.Some considerations on the computer viruses / A.Chijov
(F&Xb;jd) - In the world of PC (D vbht GR) - Moscow: IDG
Communication, Radio&communication, 1988 - N 1 - p.121-124
The basis information, some rude words about illegal
software.
2.Osipenko A.S. Computer viruses (Jcbgtyrj F&C& Rjvgm.nthyst
dbhecs) / World of PC (Vbh GR) - Moscow: ICE, 1990 - N3 -
p.23-30
The basis information, description of some viruses,
some recommendations to avoid viruses.
3.Nikolaev A. Attention - virus ! (Ybrjkftd F& Jcnjhj;yj -
dbhec !)/ Computer Press - Moscow: Sovaminko, 1990 - N6 -
p.3-16
A review and a summary of the west publications.
4.Lozinski D. One of the soviet antiviral programs: AIDSTEST
(Kjpbycrbq L& Jlyf bp cjdtncrb[ fynbdbhecys[ ghjuhfvv:
AIDSTEST)/ Computer Press - Moscow: Sovaminko, 1990 - N6 -
p.17-20
An advertyisment of the author's antiviral program.
5.Cadloff Andjey Viruses (Fyl;tq Rflkja Dbhecs)/ Computer -
Moscow: Finances&Statistiks, Komputer, 1990 - N1 - p.44-47
The history and some recommendations.
6.Agasandyan G. Don't harm your fellow creature (U&Fufcfylzy
Yt dhtlb ,kb;ytve cdjtve) / Computer - Moscow: Finances&
Statistiks, Komputer, 1990 - N1 - p.47-49
Description of 5 viruses
7.Psemyslav Vnuk 10 Antiviral commandments (Gitvsckfd Dyer
10 Fynbdbhecys[ pfgjdtltq) / The same - p.49
Antiviral recommendations
8.Ageev C. Wonders in our "zoo" (Futtd R& Xeltcf d yfitv
pjjgfhrt) / File (Afqk) - Moscow: Mir, 1990 - May - p.61-65
Descriptions of some viruses and a few words on the
history and antiviral protection.
9.Bezrukov N.N. Classification of viruses / Intercomputer -
Moscow: Interunity, 1990 - N3 - p.38-47
RESEARCHERS
There are many separate researchers and little groups
in this field, but as a main activity it is used only in
some join ventures and little commercial firms. The only
centre where scientific approach could be recognized is
Kiev. The main groups are:
Leader Sity Comments
N.N.Bezrukov Kiev Computer virusology, analysis,
computer bulletin
S.Abramov Pereslavl- Antiviral software
Zalesski
C.Ageev Leningrad Antiviral software
A.Chizhov Moscow Antiviral software
That is only most evident groups, not separate user.
Really complete list you can read in appendix.
The main problem of antiviral researches in SU is the
absense of financial support, so most of work concerns the
development of antiviral software with well known ideas -
active monitors, detectors, control sums checkers.
Fundamental research in this field nowadays is practically
impossible.
VIRUSOLOGY MEETINGS
For a long time the only place for soviet virusologists
to meet (excluding occasional personal contacts) was the
seminar of system programming in Kiev, organized by
N.Bezrukov. This autumn the "VIRUS-90" conference was held
in Kiev and that was the first conference of this kind. The
only problem with this conference was a high registration
fee (about 100 rubles, that is near to the 30-50% of a month
salary of Ph.D. mathematician in research institute), so
many researchers from non-commercial organizations had no
possibility to participate this conference. The main topic
at conference (at least by the time) was description of new
antiviral software.
For additional information see appendix (written by
A.Sedoi, translated in short by me).
-----------------------------------------
Appendix
(C) Anatoly Sedoy, NovInTex, InfoPro, Leningrad, 1990
(C) Translation in short in English Eldar A.Musaev,
Mathem.Institute of Acad.of Sci., Leningrad, 1990
You may copy, distribute and make any use of this text free
Anatoliy Sedoy
Antiviral workers and groups in the USSR
(The essence of the catalog of viruses and antiviral software
InfoPro - Leningrad dep. of NovInTex, 1990)
O R G A N I Z A T I O N S
Sci.research centre of 103104, Moscow, Tverskoy b. 7/2
computer security Director: Alexander S. Ageev
(095) 203-99-85
(095) 202-81-16
Antiviral software
Kiev's institute of the 252058 Kiev-58, pr.kosm.Komarova 1
Civil Aviation Engeneers k.3 aud.103 Nikolay N. Bezrukov
Dep.of automatization (044) 268-10-26
from 10.00 to 11.00 (044) 484-94-63
Computer bulletin, researches,
antiviral software
InfoPro - Leningrad 191025 Leningrad, Nevskiy pr. 104
dep. of NovInTex 191025 Leningrad box 140
(812)2726054 Anatoliy I.Sedoy
Catalog of viruses and antiviral software
Bulletin "InterComputer" 121069 Moscow, ul.Chaikovskogo 20a
joint venture "Interunity" (095) 202-92-80 Carasic I.Sh.
Telex: 413932 NIDEL SU
Fax : (095) 230-20-35
A N T I V I R A L S O F T W A R E
a - driver;
b - resident;
c - batch program;
d - active monitor;
e - detector: boot, system, RAM;
f - detector: control while loading program;
g - detector: files on disks;
h - doctor: boot, system. RAM;
i - doctor: cure while loading program;
j - doctor: cure files on disks;
k - commercial product.
(Russian alphabetical order, +/- - yes/no, o/. - no information)
Organization or name Address a b c d e f g h i j k
--------------------------- ---------------- -----------------------
"Ampersand", Sci.-Tech. 123060, Moscow Antiviral package "Revisor"
cooperative box 439, NTK
"Ampersand"
(095) 492-21-54 o o o o o o o o o o +
"BIS" 340055, Donetsk, Antiviral IMMUNER
Sci.-Ind.Coop.Firm Universitetskaya o o o o o o o o o o +
ul. 25
(062-2) 93-10-21 DISINFECTOR
(0562) 24-88-81 o o o o o o o o o o +
Bulletin "Intercomputer" 121069 Moscow, Autorisation access
joint venture Interunity ul.Chaikovskogo, package "Watchdog"
Carasik I.Sh. 20a
(095) 202-92-80 . . . . . . . . . . +
Fax: (095) 230-20-35
Header Comp.Centre 1....., Moscow AIDSTEST.exe
of GosPlan USSR (095) 292-40-76 - - + - + - + + - + +
Lozinskiy D.N.
Header comp.centre of 1....., Moscow ANTI-KOT.exe
MinChim USSR (095) 227-00-04 - - + - + - + + - + +
Oleg A. Cotic add. 25-20
"Data service", Estonia, 203600, ANTI3008.exe
Small enterprize Pyarnu, ul.Ruitli- - + - - - + - - + o
Bazhenov J.E. 21/23
(01444) 41-703
"Omega-IIT", 198052,Leningrad Cassandra - AV system
Eldar A. Musaev 5-aya Krasnoar- - + + + + + + + + + +
meiskaya 12/15
(812)2926470
Internet: eldar@lomi.spb.su
"Dialog", soviet-american 19....,Leningrad Antiviral package
joint venture, Leningrad Fontanka 46 CERBER
department (812) 311-04-52, - + + + + + + + - + +
Cyrill Yu. Ageev (812) 311-08-93
Tsal I. Michael (812) 560-01-73
Fax: (812) 315-15-66
Institute of Applied 125047, Moscow VIRUS_D1.exe
Mathematics AS USSR Miusskaya pl. 4 - - + - + - + + - + o
Vitaly S. Ladygin (095) 333-65-12
"InterQuadro", joint 125130, Moscow Antiviral tools in
soviet-french-italy 2-Novopodmoskov- educational package
venture ny per. 4 o o o o o o o o o o +
Victor E. Figurnov Dep.of mathemat.
development
(095) 150-92-01,
(095) 259-92-04
Telex : (871) 413560
KVINT SU
Fax : (095) 943-00-59
"Kris", sci.-ind.coop. 194021,Leningrad VCHECK.sys
Korolyev S.A., ul.Chlopina 11 + - - + + + - + + - +
Marshak Yu.L., (812) 534-49-07,
Savchenko S.P. (812) 534-10-86
"Magistr", software 1....., Moscow PROTEK - hard disk
centre (095) 464-81-72, protection
(095) 464-80-90 o o o o o o o o o o +
"Mobile Virusology Labor." 25...., Kiev ADOCTOR.com, MVL.com
ShaLeem Ltd. Corp. (044) 417-53-00, - - + - - - + - - + -
SHApovalenko Sergei, (044) 417-61-76
Wl.von LEEMan
(Name maybe a joke, phones are correct)
"New Informational Tech- 119517 Moscow, VR.exe
nologies - NovInTex" ul.Nezhinskaya - - + - + - + + - + +
joint venture "Sip" 13
Osipenko A. (095) 442-57-92
Fax: (095) 943-00-72
"NovInTex" Leningrad 191025,Leningrad VACcine V - AV system
dep. "InfoPro" Nevsky 104 - + + + + + + + - + +
group "SoftUnion" (812) 272-60-54
Kireenko I.
The same The same ANTI2888.exe - TP viruses
Pavel V. Semyanov - - + - + - + + - + -
"NovInTex" Tver departm. 1700021, Tver, DOG - AV package
"Tver" (08222) 9-66-69 - + + o + o + + o + +
"OFIS", NPG 1......, Moscow DIAGAIDS.exe,
Agasandyan George (095) 129-17-44 DIAG-LOT.exe
(095) 129-39-11 DIAGLOT.exe
- - + - + - + + - + +
"ParaGraf" soviet-american 103051, Moscow DOCTOR.exe
joint venture Petrovsky bulv. (Chi-Doctor,1.14/10/06)
Chizhov Anton 23 - - + - + - + + - + +
(095) 200-25-66,
(095) 924-17-81
(095) 928-36-88
Fax : (095) 931-06-01
PCB MPS (project-constr. 1....., Moscow CLISTIR.exe
bureau of Railways (095) 262-99-07 - - + - + - + + - + o
Ministry )
Igor L. Rass
"SAPPHIR" MicrpComp.Group 34...., Donetsk FASTANTI.exe
of VCETr Donetsk raylways (062-2) 91-55-65 - - + - + - + + - + +
Nikulenko D.E.
Serbinenko A.V.
"Terminal", sci.-tech. 103045, Moscow "SHPRITS" tool to work
coop. box 48, with anitviral(?)programs
(095) 148-02-14 o o o o o o o o o o +
"ELIAS", coop. & 127276, Moscow "Ynjector Panzer"
"Alex Software", Kargopolskaya 17 o o o o o o o o o o +
research group (095) 903-04-57
Caspersly E. 1......, Moscow "Doctor Caspersky"
B.Akademichaskaya- + + + + + + + . + o
73 k.3 kv.11
(095) 482-60-05
from 21.30 to 23.00
O T H E R A V S O F T W A R E
( pure information )
DISINFCT 191180 Leningrad Fontanka 76 CNTTM "Synthes"
Deineka Alexander M.
(812) 112-44-12, (812) 315-18-22,
(812) 315-34-00
Designer - Tallinn polytechnical Inst.
Price: 98.00 rubl.
Form: A 5.25" copy-protected diskette
100108 Tallinn, Echitayte tee 5 EKTA Soft '89
Ehatamm M.
(0142) 53-73-21
LFD.com Leningrad Bolshoi pr. P.S. 59
"Forth-info"
Larionov D.V.
(812) 233-34-10, (812) 248-16-61
NO.exe Igor N. Postnikov
CHECKV.exe Alexey A. Tereshin
(812) 296-95-94
(812) 271-25-18
AIDSITAL.exe "MicroCom", Michael S. Rezhepp
(812) 277-93-94
CHKVIR.exe Leningrad Bolshoi pr. P.S. 59
"Forth-info"
Schachmanski I., Azbel
(812) 233-34-10, (812) 248-16-61
CONVIR.exe Institute of Applied Mathematics AS USSR
Andreev S.V., Chodulev A.B.
(095) 333-71-89
ANTIC.exe Mechanical Engineering Research Institute
ANTIE.exe Belousov V., Semenov A.
FFIND.com (095) 135-62-98
HEAD.exe
DOCTOR.exe AcademySoft, Gerasimov V.V.
CMVR.exe Economic & Statistic Institute,
Scientific Problem Laboratory
119517 Moscow, Nezhinskaya 7
Gusev Alex (095) 442-77-55
AV.com Academy Soft, Strakhov A.
KILLER.com Zaparovanny Alexey, Himchenko Serge
Komsomolsky pr. 48/22 kv.39
InterRus. SBH SoftWare
AntiMol State Comp.Centre Ministry of See Fleet USSR
(package) Department V-3 (B-3) teleprocessing and
development
MGCI.exe GKWTI & MGCI (095) 246-19-23
ANTMUSIC.exe "Slavich"
152140 Yaroslavskaya obl. Pereslavl-Zalessky
PCShield coop. "Term"
152140 Yaroslavskaya obl., Pereslavl-Zalessky,
box.16
Abakumov A.A., Abramov S.M., Pimenov S.P.
Chatkevich M.I.
(095) 359-37-80
DET2890.exe 252056 Kiev pr.Pobedy 37 Kiev polytechnical
inst., dep. of appl. mathem., "Data Traveller"
Tkachenko V.O.
(044) 514-26-88
==============================================================
Reference in New Issue View Git Blame Copy Permalink