Vacsina
Vacsina
Type File virus
Creator TP
Date Discovered 1989.08
Place of Origin Bulgaria
Source Language Assembly
Platform DOS
File Type(s) .com, .exe
Infection Length 1,206-1,221 bytes
Reported Costs

Vacsina is a Bulgarian virus from 1989. One of its prominent features is that it causes the infected computer to make noises. It was coded by TP, the creator of Yankeedoodle and shares a few similarities with that virus.

Behavior

Vacsina is introduced to a computer when an infected file is transfered to the computer. When the file is executed, the virus becomes resident. It infects every .com and .exe as it runs when that file uses the INT 21h function 4Bh, appending itself to the end of that file.

When a .com file has been successfully infected, the virus will cause the computer to beep. Later variants will remove older ones and replace it with the "updated" version.

Variants

Variants of Vacsina are named in a similar way as the variants of Yankeedoodle, with the penultimate byte of the file in hexadecimal.
Vacsina.06- This variant deciphers and displays the string: "Az sum vasta lelja.".
Vacsina.Grog- this variant displays the text:

  Grog*Soft Anti-Virus v1.1 (C) '93 by GROG - Italy
  Self Integrity Check warning - File was changed!
  Choose an option:
  [R] Self Reconstruction.
  [C] Continue execution.
  [E] Exit to DOS.
  Press R,C or E:

Vacsina.Joker- Sometimes this variant displays a graphic when the user presses CTRL-ALT-DELETE.

Effects

Vacsina and its variants became pretty widespread. It was found in the printer drivers for a Star LC24 Printer in late 1992.

Name

Vacsina was named for a text string contained in some earlier versions of the virus. It is the Bulgarian word for "vaccine" (ваксина) written in Roman letters. As some variants play the song "Yankee Doodle", some antivirus companies called the virus "Yankee", "Yankee Doodle", or some variation on that. However, there was already a virus known as Yankee Doodle, named because it too plays the tune "Yankee Doodle".

Other Facts

As with all of the later viruses coded by TP, Vacsina is non-destructive. TP even went to great lengths to make certain the virus did no damage when infecting files. TP says his only interest in virus coding was trying new ideas, similar to virus creators like Gigabyte or most of the members of 29A.

The virus may not have been released to the wild intentionally. In Bulgaria, Vacsina's home country, computers were often shared, and it is possible that TP's source code was stolen or an assembled binary was accidentally executed by another user of the same computer.

Sources

C. Fischer, T. Boerstler, R. Stober. University of Karlsruhe, Micro-BIT Virus Center, Reports collected and collated by PC-Virus Index, YANKEE DOODLE SERIES, aka TP, VACSINA. 1989.11.13

Kaspersky Labs. Virus.DOS.Vacsina.

Vesselin Bontchev. Bulgarian Academy of Sciences, Laboratory of Computer Virology, The Bulgarian and Soviet Virus Factories.

Attrition.org, Certified Pre-0wned.

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License