The Bulgarian And Soviet Virus Factories Essays - Computer Viruses

The Bulgarian and Soviet Virus Factories The Bulgarian and Soviet Virus Factories ======================================== Vesselin Bontchev, Director Research center of Computer Virology Bulgarian Academy of Sciences, Sofia, Bulgaria 0) Abstract =========== It is presently notable that Bulgaria is pioneer in PC infection creation and the USSR is following intently. This paper attempts to answer the principle questions: Who makes infections there, What infections are made, and Why this is finished. It additionally underlines the effect of this process on the West, just as on the national programming industry. 1) How the story started ====================== Only three years back there were no PC infections in Bulgaria. All things considered, these were things that can happen just in the industrialist nations. They were first referenced in the April issue of the Bulgarian PC magazine Komputar za vas (Computer for you) [KV88] in a paper, deciphered from the German magazine Chip [Chip]. Not long after that, a similar Bulgarian magazine distributed an article [KV89]], clarifying why PC infections can't be perilous. The contentions introduced were, all in all, right, yet the creator had totally missed the way that most of PC clients are definitely not experienced software engineers. A couple of months after the fact, in the fall of that year, two men came in the manager's office of the magazine and guaranteed that they have discovered a PC infection. Cautious assessment demonstrated that it was the VIENNA infection. Around then the PC infection was a totally new thought for us. To make a PC program, whose presentation looks like a live being, is ready to repeat and to move from PC to PC even against the desire of the client, appeared to be amazingly energizing. The way that it tends to be done and that even it had been finished spread in our nation quickly. Before long programmers got a duplicate of the infection and started to hack it. It was seen that the program contains no dark enchantment and that it was even carelessly composed. Before long new, home- - made and improved forms showed up. Some of them were created just by collecting the dismantling of the infection utilizing a superior enhancing constructing agent. Some were upgraded by hand. As an outcome, presently there are a few renditions of this infection, that were made in Bulgaria - renditions with infective lengths of 627, 623, 622, 435, 367, 353 and even 348 bytes. The infection has been made nearly multiple times shorter (its unique infective length is 648 bytes) with no loss of usefulness. This infection was the principal case. Not long after that, we were visited by the CASCADE and the PING PONG infections. The later was the first boot- - segment infection and demonstrated that this uncommon zone, present on each diskette can be utilized as an infection transporter, as well. All these three infections were most likely imported with unlawful duplicates of pilfered programs. 2) Who, What and Why. =================== 2.1) The main Bulgarian infection. - - Around then both known infections that tainted records ( VIENNA and Course) contaminated just COM records. This caused me to accept that the contamination of EXE records was substantially more troublesome. Sadly, I made the mix-up by advising my feeling to a companion of mine. How about we call him V.B. for protection reasons.(1) ................................................................... [(1) These are the initials of his actual name. It will be the equivalent with the different infection authors that I will make reference to. It would be ideal if you note, that while I have similar initials (and even his full name takes after mine), we are two diverse persons.] ................................................................... The test was taken promptly and not long after that I got a straightforward infection that had the option to taint just EXE documents. It is currently known to the world under the name of OLD YANKEE. The explanation behind this is that when the infection taints another document, it plays the Yankee Doodle song. The infection itself was very insignificant. Its solitary element was its capacity to contaminate EXE documents. The creator of this infection even conveyed its source code (or, all the more precisely, the source code of the program that discharges it). By and by, the infection didn't spread generally and indeed, even had not been adjusted a great deal. Just a couple of locales answered to be tainted by it. Presumably the purpose behind this was the reality, that the infection was non- - inhabitant and that it tainted records just on the current drive. So the main chance to get tainted by it was to duplicate a tainted document starting with one PC then onto the next. At the point when the riddle of making an infection which can contaminate EXE records was explained, V.B. lost his enthusiasm for this field and didn't compose any different infections. Supposedly, he right now works in genuine - time signal handling. 2.2)