Dark Avenger

From Wikipedia, the free encyclopedia

Dark Avenger
BornUnknown
NationalityBulgarian
Occupation(s)Programmer, computer virus writer, computer criminal
Known forWriting computer viruses

Dark Avenger was the pseudonym of a computer virus writer from Sofia, Bulgaria. He gained considerable notoriety during the early 1990s when his viruses spread internationally.

Background and origins[edit]

During the Cold War, the Bulgarian government authorized projects to reverse engineer Western technology. This eventually led to the Pravetz computers of the 1980s, which cloned popular Western personal computers. A community formed around these computers when they were used in schools to teach students computer programming.[1] In April 1988, Bulgaria's trade magazine for computers, Компютър за Вас (Computer for You), published a translation of a German article about computer viruses and methods for writing them.[2][1] A few months after that, Bulgaria experienced several foreign viruses. The interest spawned by both the article and the viruses inspired young Bulgarian programmers to devise their own viruses.[2] Soon a wave of Bulgarian viruses erupted, started by the "Old Yankee" and "Vacsina" viruses. Dark Avenger made his first appearance in the spring of 1989.[3] At the time, Bulgaria did not have any laws against writing computer viruses.[4] Anti-virus researchers identified Bulgaria as having talented programmers who had few commercial opportunities,[4] and Bulgarian security researcher Vesselin Bontchev blamed the viruses on the country's history of pirating Western computer code and failure to teach students about computer ethics.[5]

Viruses[edit]

Dark Avenger's first virus appeared in early 1989 and contained the string, "This program was written in the city of Sofia (C) 1988–89 Dark Avenger". Thus, this first virus is usually referred to as "Dark Avenger", eponymous to its author.[1] Dark Avenger's viruses made frequent references to heavy metal bands, including Iron Maiden, and Diana, Princess of Wales.[4] His pseudonym is based on a Manowar song.[6]

The virus was very infectious: if the virus was active in memory, opening or just copying an executable file was sufficient to infect it. Additionally, the virus also destroyed data, by overwriting a random sector of the disk at every 16th run of an infected program, progressively corrupting files and directories on the disk.[1] Corrupted files contained the string, "Eddie lives... somewhere in time!",[1] a reference to Iron Maiden.[6] Due to its highly infectious nature, the virus spread worldwide, reaching Western Europe, the USSR, the United States, and East Asia.[3]

Dutch author Harry Mulisch reported encountering the virus on his laptop while writing The Discovery of Heaven. Mulisch considered it a "favourable sign from higher powers" and briefly considered naming his son Eduard after the virus' output.[7] A few weeks later, he re-encountered the virus and had it professionally removed.[8]

This virus was soon followed by others, each employing a new trick. Dark Avenger is believed to have authored the following viruses: Dark Avenger, V2000 (two variants), V2100 (two variants), 651, Diamond (two variants), Nomenklatura, 512 (six variants), 800, 1226, Proud, Evil, Phoenix, Anthrax, and Leech. As a major means for spreading the source code of his viruses, Dark Avenger used the then popular bulletin board systems.[9] In its variants, the virus also contained the following strings:

  • "Zopy (sic) me – I want to travel"
  • "Only the Good die young..."
  • "Copyright (C) 1989 by Vesselin Bontchev"

In technical terms, the most prominent feature of some of Dark Avenger's viruses was their Mutation Engine (MtE). This allowed the viruses to change their signature, preventing them from being easily recognized by anti-virus programs.[10] Following its release, Paul Mungo and Bryan Clough called MtE "the most dangerous virus ever produced",[4] and Steve Gibson wrote that "the game is forever changed".[11]

Identity[edit]

The identity of the person behind the pseudonym has never been ascertained.[10] In 1992, Dark Avenger described himself as a heavy metal fan under 30 who wrote viruses while procrastinating at his job.[5] Sarah Gordon, a computer security researcher, publicly requested that a virus be named after her. When this request was granted, she used this as an opening to make contact with Dark Avenger. She later published their communications in interview format.[1] Analysis by the researchers Andrew Bissett and Geraldine Shipton concluded that Dark Avenger engaged in victim blaming; he blamed "human stupidity" for the transmission of his viruses and denied that any data of value would be lost on personal computers. They cited his envy of wealthy Westerners' computers as his motivation for making viruses;[12] Gordon herself attributed his motivation to a hatred of Bontchev.[1] Dark Avenger made frequent attacks on Bontchev. Such is the case with the viruses V2000 and V2100, which claim to have been written by Bontchev, to defame him.[9] This conflict between the two has led some to believe that Bontchev and Dark Avenger were promoting each other or that they might be the same person. Bontchev denied this and claimed in 1993 to have deduced Dark Avenger's identity. He said that because writing viruses was not illegal, there was no point in pursuing it.[13]

Dark Avenger's profile was raised substantially by a 1997 story in Wired, in which the journalist David S. Bennahum attempted to track down Dark Avenger.[14] Bennahum did not uncover Dark Avenger's identity but came to suspect the operator of a Bulgarian bulletin board system that collected computer viruses in the 1990s. Neither he nor someone who claimed to be Dark Avenger would say whether this was true.[1]

References[edit]

  1. ^ a b c d e f g h Bennahum, David S. (1 November 1997). "Heart of Darkness". Wired. Retrieved 14 January 2023.
  2. ^ a b Bontchev, Vesselin. "The Bulgarian and Soviet Virus Factories". Section 1 "How the story began". Archived from the original on 10 December 2008. Retrieved 12 October 2009.
  3. ^ a b Bontchev, Vesselin. "The Bulgarian and Soviet Virus Factories". Section 2.1 "The first Bulgarian virus". Archived from the original on 10 December 2008.
  4. ^ a b c d Briscoe, David (29 January 1993). "Bulgarian Computer Virus Writer, Scourge in the West, Hero at Home". Associated Press. Retrieved 14 January 2023.
  5. ^ a b Belsie, Laurent (19 May 1992). "Bulgarian 'Dark Avenger' Part of East-Bloc Legacy". Christian Science Monitor. Retrieved 14 January 2023.
  6. ^ a b Mühlbauer, Peter (1 August 2001). "Warum eigentlich Manila?". Heinz Heise (in German). Retrieved 14 January 2023.
  7. ^ DBNL. "Nieuw Letterkundig Magazijn. Jaargang 32 · dbnl". DBNL (in Dutch). Retrieved 2 March 2020.
  8. ^ Mulisch, Harry (2012). Harry Mulisch LOGBOEK 1991–1992. Amsterdam: De Bezige Bij. pp. 114, 115, 122–125. ISBN 978-90-234-2836-7.
  9. ^ a b Bontchev, Vesselin. "The Bulgarian and Soviet Virus Factories". Section 2.3 "The Dark Avenger". Archived from the original on 10 December 2008.
  10. ^ a b Fiscutean, Andrada (5 February 2015). "How Eastern Europe's villains changed sides in the malware war - and made you protect your PC". ZDNet. Retrieved 14 January 2023.
  11. ^ Gibson, Steve (27 April 1992). "Tech Talk". InfoWorld. Vol. 14, no. 17. p. 36.
  12. ^ Campbell, Q.; Kennedy, David M. (2009). "The Psychology of Computer Criminals". Computer Security Handbook. John Wiley & Sons. p. 12.20.
  13. ^ Fasbinder, Joe (14 February 1993). "The Bulgarian virus connection". United Press International. Retrieved 14 January 2023.
  14. ^ Parikka, Jussi (2007). Digital Contagions. Peter Lang. p. 182. ISBN 978-1-4331-0093-2.

External links[edit]