{"id":68,"date":"2018-05-05T07:32:30","date_gmt":"2018-05-05T07:32:30","guid":{"rendered":"https:\/\/globalblacknews.com\/?p=68"},"modified":"2018-07-31T11:00:09","modified_gmt":"2018-07-31T11:00:09","slug":"everything-wrong-with-silivaccine","status":"publish","type":"post","link":"https:\/\/globalblacknews.com\/everything-wrong-with-silivaccine\/","title":{"rendered":"Everything wrong with North Korea\u2019s Homegrown SiliVaccine Antivirus"},"content":{"rendered":"

SiliVaccine, North Korea\u2019s very own antivirus program<\/a>, gives us a rare peek at how the country operates. The software\u2019s code reveals not only a backdoor but also code stolen from a competitor.<\/p>\n

Security researchers at Check Point Security, the former makers of the ZoneAlarm lineup of products, obtained two SiliVaccine samples and started to dissect them in an attempt to uncover how the antivirus protects its users from outside threats, and also how the antivirus company can use that software to spy on its users.<\/p>\n

Background<\/em><\/h2>\n

Journalist Martin Williams obtained the sample back in 2014. A Japanese tipster, identifying as \u201cKang Yong Hak\u201d, mailed him the Dropbox link to the software.<\/p>\n

At that time, he detailed the functions of the program, which was at version 4.0 and was published in 2002. The publishers of the software were named as Pyongyang Gwangmyong Information Technology and STS Tech-Service.<\/p>\n

Williams then contacted a trusted British antivirus firm in 2014 with the sample of the Korean antivirus program, and after testing, they concluded that the software did not appear to be malicious.<\/p>\n

Bundled Malware<\/em><\/h2>\n

Some weeks ago, Check Point re-examined the software sample and found that it contained code stolen from the Japan-based antivirus maker Trend Micro.<\/p>\n

Trend Micro has been a well-known name in the security software scene for quite a long time. The re-examination also revealed that the software contained malware in the form of a patch that made the software purposely ignore some specific malware code signatures<\/a>.<\/p>\n

This is a security hole that could allow the software to stay silent if any malware is being installed. The bundled malware is known as JAKU.<\/p>\n

JAKU is an extremely resilient piece of malware that forms a botnet and is usually spread through BitTorrent networks.<\/p>\n

Check Point researcher Mark Lechtik said in an interview with Threatpost that they believed that Williams was being targeted by North Korea.<\/p>\n

The researchers also said that Williams seemed to be part of a wider distribution of this software.<\/p>\n

Trend Micro\u2019s stolen antivirus scan engine<\/em><\/h2>\n

Trend Micro, for its part, confirmed that SiliVaccine used part of its software illegally, but said that this does not jeopardize the current users<\/a> of Trend Micro security products in any way.<\/p>\n

It is still a mystery how Trend Micro\u2019s code found its way into North Korea\u2019s antivirus program. Trend Micro says that even though it takes a strong stance against piracy, it would not be productive to take any legal action against the government of North Korea.<\/p>\n

Given that Japan and North Korea do not have any official political or diplomatic relations, such findings are quite surprising. Like the Trend Micro product, North Korea\u2019s antivirus also blocks malware, allows users to perform scans and more.<\/p>\n

However, it does not flag certain types of malware, and that gap can be used to snoop on its users.<\/p>\n

This revelation about SiliVaccine raises more suspicions about the motives and the authenticity of North Korea\u2019s IT operations and products.<\/p>\n

The finding, however, makes one thing very clear: the goals of SiliVaccine\u2019s creators and of those who have funded the product are questionable and shady.<\/p>\n","protected":false},"excerpt":{"rendered":"

","protected":false},"author":1,"featured_media":70,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[9],"tags":[],"_links":{"self":[{"href":"https:\/\/globalblacknews.com\/wp-json\/wp\/v2\/posts\/68"}],"collection":[{"href":"https:\/\/globalblacknews.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/globalblacknews.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/globalblacknews.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/globalblacknews.com\/wp-json\/wp\/v2\/comments?post=68"}],"version-history":[{"count":3,"href":"https:\/\/globalblacknews.com\/wp-json\/wp\/v2\/posts\/68\/revisions"}],"predecessor-version":[{"id":75,"href":"https:\/\/globalblacknews.com\/wp-json\/wp\/v2\/posts\/68\/revisions\/75"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/globalblacknews.com\/wp-json\/wp\/v2\/media\/70"}],"wp:attachment":[{"href":"https:\/\/globalblacknews.com\/wp-json\/wp\/v2\/media?parent=68"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/globalblacknews.com\/wp-json\/wp\/v2\/categories?post=68"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/globalblacknews.com\/wp-json\/wp\/v2\/tags?post=68"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}