
SiliVaccine: Antivirus from North Korea


  • 09 Jan 2019
Check Point’s research team once got a message from a Bloomberg journalist named Martyn Williams, who had been forwarded a copy of a North Korean antivirus by someone allegedly from Japan. One does not encounter North Korean software often, so experts Mark Lechtik and Michael Kajiloti were only too glad to see what the antivirus tool was like. They presented the results of their study at the hackers’ congress 35C3.

But before we discuss the North Korean antivirus product, we should probably briefly cover the relationship North Korea has with the Internet and vice versa.

North Korea’s role in developing the global network

Attribution — crafting a justified claim that a specific group from a specific country attempted a specific attack — is an altogether hit-and-miss business. Interpreting evidence is difficult, following the wrong lead is easy, and so forth. Yet at some point, several research groups were jointly attributing some attacks to North Korea. It is also widely believed that North Korea uses state-supported groups of hackers, whose business is to earn money for the regime. Of course, DPRK officials deny this.

That said, the Internet as such is virtually nonexistent in North Korea: the World Wide Web can be accessed only by a chosen few, whereas the bulk of the population is restricted to the domestic intranet, which is called Kwangmyong: a network purged of all information from “the decaying West.” The West, in turn, also has little opportunity to peep into the North Korean network, so every bit of information on the subject is a treat.

[Image: How the North Korean antivirus SiliVaccine ended up in the hands of researchers]

Korean–Japanese antivirus

The first logical question is: Why would North Korea, lacking the Internet, want an antivirus? First, for protection against viruses smuggled into the country on memory sticks containing Western articles, South Korean TV series, and other information not officially available in the DPRK. Contraband memory sticks are surprisingly widespread in these parts. Second, and less obvious, it looks like North Korea was going to market this antivirus internationally — at least one of its versions includes an English interface.

The second question, no less logical, is: Where would the DPRK get antivirus software of its own? A sophisticated product like that is rather difficult to create from the ground up, especially given limited resources. The experts from Check Point addressed this question, too, only to draw an interesting conclusion: The 2013 version of the Korean antivirus (which was what they had available) was using the engine of a popular antivirus solution by Trend Micro, although from 2008.

The Korean developers were clearly unwilling to let anyone meddle with the product’s code; many of its components were protected with Themida — a wrapper program designed to obstruct reverse engineering. Yet those who were packing up the SiliVaccine components had neglected to use much of the impressive Themida toolkit, so the Check Point team was able to access the program code.

About one-quarter of the SiliVaccine code fully
Source: Kaspersky Lab official blog
Published on 2019-01-09