SiliVaccine – North Korea’s anti-virus scanner

In a country where most computers aren’t connected to the Internet, an anti-virus scanner might not seem like much of a necessity. But since 2002, programmers in the country have been working on SiliVaccine, a homegrown anti-virus application that is now in its fourth version.

I was recently sent a current version that runs on Windows XP and here’s what it looks like.

[Image: 140812-sili-01]

The splash screen for version 4 shows a copyright date of 2002 to 2011, the latter year likely indicating when this version was first published. The version I received had a virus pattern file, the database used to identify viruses, dated November 23, 2013, although it was sent with a screenshot of a version that had been much more recently updated.

Upon installation, the user is presented with a short description of the software and contact details for the maker.

[Image: 140812-sili-02]

It also lists a website for the software: http://10.10.1.16. That address might look strange because it’s the IP address of the server and not a domain name. It probably means the developers don’t have their own domain name set up.

The address resides in a block set aside for use on local networks rather than the global Internet, so it only works from within North Korea’s nationwide intranet.

When the software is started, it presents a screen that looks like many other Windows XP anti-virus applications. A list of local and network servers and directories is presented and users can select which ones will be scanned.

[Image: 140812-sili-06]

Here’s the aforementioned screenshot that was packaged with the software in a zip file I received. The date on the file is May 20, 2014.

SiliVaccine 4.0


A word about security: Before running the software, I contacted computer security company Sophos, which confirmed the application didn’t appear to be malicious. I also ran IP port monitoring software to ensure that attempts were not made to access other Internet servers.

A series of set-up screens offers configuration options, and there’s a field for a serial number, although I was never asked for one when installing the software and it was preset to all “0”s.

The address of the update server can also be entered here. That was preset as 10.10.1.16, the same address shown on the opening splash screen as the website for the software.

[Image: 140812-sili-09]

And indeed, when I ran the anti-virus software and attempted to update the database, the software tried to contact that IP address. It failed because the address isn’t accessible from the global Internet.
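The connection check mentioned earlier, and the update attempt seen here, can be scripted. The following is an added example, not part of the original article or of SiliVaccine: it reads `netstat -ano`-style output and lists any peer that is neither the preset update server nor on a local network. The sample output, PIDs, ports and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the layout of Windows `netstat -ano` output; only
# 10.10.1.16 comes from the article, every other value is made up.
# 203.0.113.45 is a documentation address standing in for an Internet host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    127.0.0.1:1031         127.0.0.1:1032         ESTABLISHED     1480
  TCP    192.168.0.23:1055      10.10.1.16:80          SYN_SENT        2204
  TCP    192.168.0.23:1056      203.0.113.45:443       ESTABLISHED     2204
  UDP    0.0.0.0:445            *:*                                    4
"""

EXPECTED = {ipaddress.ip_address("10.10.1.16")}  # preset update server
# Address blocks reserved for local networks (RFC 1918).
LOCAL_NETS = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(addr):
    """Label a remote address: expected, loopback, private or internet."""
    ip = ipaddress.ip_address(addr)
    if ip in EXPECTED:
        return "expected"
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in LOCAL_NETS):
        return "private"
    return "internet"


def remote_peers(netstat_text):
    """Yield (ip, port, pid) for every row that names a real remote peer."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue
        host, _, port = fields[2].rpartition(":")
        try:
            ip = ipaddress.ip_address(host.strip("[]"))
        except ValueError:
            continue  # "*:*" on UDP sockets has no peer
        if not ip.is_unspecified:  # 0.0.0.0:0 marks a listening socket
            yield ip, int(port), int(fields[-1])


def internet_peers(netstat_text, pid=None):
    """Sorted 'ip:port' peers outside local ranges, optionally for one PID."""
    return sorted({f"{ip}:{port}" for ip, port, owner in remote_peers(netstat_text)
                   if pid in (None, owner) and classify(ip) == "internet"})
```

Calling `internet_peers(SAMPLE_NETSTAT)` on the constructed sample returns the single Internet-side peer; passing `pid=` narrows the result to one process.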

[Image: 140812-sili-12]

Several other aspects of the scanner can be customized in the setup screens:

[Image: 140812-sili-07]

And here you can set the directories the system will scan:

[Image: 140812-sili-08]

When I ran the software on an old Windows XP laptop, it didn’t find any malware.

[Image: 140812-sili-04]

The degree to which malware and viruses are a problem in North Korea is unclear. Few outsiders have gained access to the country’s nationwide intranet and even fewer have had the ability to catalog the applications and services available.

But malware is at least an annoyance in some establishments. At the foreign-funded Pyongyang University of Science and Technology (PUST), teachers are warned before they arrive that “viruses abound here.”

The USB sticks that come into the country filled with Korean TV dramas and movies are surely an effective platform for spreading illicit software and virus files from machine to machine.

2 Comments on "SiliVaccine – North Korea’s anti-virus scanner"

  1. Is it possible to download the software anywhere? I would like to test it.

  2. Have you tested it with Eicar test file?
