[go: nahoru, domu]
Jump to content

Dark Avenger: Difference between revisions

From Wikipedia, the free encyclopedia
Browse history interactively
← Previous edit
Content deleted Content added
VisualWikitext
rj
 
(14 intermediate revisions by 9 users not shown)
Line 1: Line 1:
{{short description|Computer virus writer}}
{{short description|Computer virus writer}}
{{Use dmy dates|date=May 2020}}
{{About|a computer virus writer|the song by heavy metal band Manowar|Battle Hymns (Manowar album)}}
{{About|a computer virus writer|the song by heavy metal band Manowar|Battle Hymns (Manowar album)}}
{{Use dmy dates|date=May 2020}}
{{Infobox person
{{Infobox person
|name = Dark Avenger
|name = Dark Avenger
Line 13: Line 13:
|other_names =
|other_names =
|known_for = Writing [[computer virus]]es
|known_for = Writing [[computer virus]]es
|occupation = [[Programmer]], [[technologist]], computer virus writer, [[computer criminal]]
|occupation = [[Programmer]], computer virus writer, [[computer criminal]]
|nationality = [[Bulgarians|Bulgarian]]
|nationality = [[Bulgarians|Bulgarian]]
}}
}}
'''Dark Avenger''' was a pseudonym of a [[computer virus]] writer from [[Sofia]], Bulgaria. He gained considerable popularity during the early 1990s, as some of his viruses spread not only nationwide but across Europe as well, even reaching the United States and Australia.
'''Dark Avenger''' was the [[pseudonym]] of a [[computer virus]] writer from [[Sofia]], Bulgaria. He gained considerable notoriety during the early 1990s when his viruses spread internationally.


== Background and origins ==
== Background and origins ==
During the [[Cold War]], the Bulgarian government authorized projects to reverse engineer Western technology. This eventually led to the [[Pravetz computers]] of the 1980s, which cloned popular Western personal computers. A community formed around these computers when they were used in schools to teach students computer programming.<ref name=wired>{{cite magazine|url=https://www.wired.com/1997/11/heartof/|title=Heart of Darkness|last=Bennahum|first=David S.|magazine=[[Wired (magazine)|Wired]]|date=1997-11-01|accessdate=2023-01-14}}</ref> In April 1988, Bulgaria's trade magazine for computers, ''Компютър за Вас'' (''Computer for You''), published a translation of a German article about computer viruses and methods for writing them.<ref name="people.frisk-software.com#story">{{cite web|last=Bontchev |first=Vesselin |title=The Bulgarian and Soviet Virus Factories |at=Section 1 "How the story began" |url=http://www.people.frisk-software.com/~bontchev/papers/factory.html#How%20the%20story%20began |access-date=12 October 2009 |url-status=dead |archive-url=https://web.archive.org/web/20081210211302/http://www.people.frisk-software.com/~bontchev/papers/factory.html#How%20the%20story%20began |archive-date=10 December 2008 }}</ref><ref name=wired/> A few months after that, Bulgaria experienced several foreign viruses. The interest spawned by both the article and the viruses inspired young Bulgarian programmers to devise their own viruses.<ref name="people.frisk-software.com#story"/> Soon a wave of Bulgarian viruses erupted, started by the "Old Yankee" and "Vacsina" viruses. Dark Avenger made his first appearance in the spring of 1989.<ref name="people.frisk-software.com#first">{{cite web|last=Bontchev |first=Vesselin |title=The Bulgarian and Soviet Virus Factories |at=Section 2.1 "The first Bulgarian virus" |url=http://www.people.frisk-software.com/~bontchev/papers/factory.html#The%20first%20Bulgarian%20virus |url-status=dead |archive-url=https://web.archive.org/web/20081210211302/http://www.people.frisk-software.com/~bontchev/papers/factory.html#The%20first%20Bulgarian%20virus |archive-date=10 December 2008 }}</ref> At the time, Bulgaria did not have any laws against writing computer viruses.<ref name=ap/> Anti-virus researchers identified Bulgaria as having talented programmers who had few commercial opportunities,<ref name=ap>{{cite web|url=https://apnews.com/article/0cf9f58cce078624b05d563cc33daaaa|title=Bulgarian Computer Virus Writer, Scourge in the West, Hero at Home|last=Briscoe|first=David|work=[[Associated Press]]|date=1993-01-29|accessdate=2023-01-14}}</ref> and Bulgarian security researcher Vesselin Bontchev blamed the viruses on the country's history of pirating Western computer code and failure to teach students about computer ethics.<ref name=csm>{{cite news|url=https://www.csmonitor.com/1992/0519/19081.html|title=Bulgarian 'Dark Avenger' Part of East-Bloc Legacy|last=Belsie|first=Laurent|work=[[Christian Science Monitor]]|date=1992-05-19|accessdate=2023-01-14}}</ref>
In the 1980s and 1990s, Bulgaria had a blooming computer hardware industry specialized in providing large numbers of PCs for educational purposes. Thus, many schools and universities were provided with computers and computer science was a commonly studied subject. This helped foster a certain attitude about computers among that generation.

In April 1988, Bulgaria's trade magazine for computers, ''Компютър за Вас'' (''Computer for You''), issued an article explaining in detail the nature of computer viruses and even methods for writing them.<ref name="people.frisk-software.com#story">{{cite web|last=Bontchev |first=Vesselin |title=The Bulgarian and Soviet Virus Factories |at=Section 1 "How the story began" |url=http://www.people.frisk-software.com/~bontchev/papers/factory.html#How%20the%20story%20began |access-date=12 October 2009 |url-status=dead |archive-url=https://web.archive.org/web/20081210211302/http://www.people.frisk-software.com/~bontchev/papers/factory.html#How%20the%20story%20began |archive-date=10 December 2008 }}</ref> A few months after that, Bulgaria was "visited" by several foreign viruses, namely "Vienna", "Ping Pong", and "Cascade". The interest spawned by both the article and the viruses was huge, and soon young Bulgarian programmers began to search for ways to devise their own viruses.<ref name="people.frisk-software.com#story"/>

Soon a wave of Bulgarian viruses erupted, started by the "Old Yankee" and "Vacsina" viruses. Dark Avenger made his first appearance in the spring of 1989.<ref name="people.frisk-software.com#first">
{{cite web|last=Bontchev |first=Vesselin |title=The Bulgarian and Soviet Virus Factories |at=Section 2.1 "The first Bulgarian virus" |url=http://www.people.frisk-software.com/~bontchev/papers/factory.html#The%20first%20Bulgarian%20virus |url-status=dead |archive-url=https://web.archive.org/web/20081210211302/http://www.people.frisk-software.com/~bontchev/papers/factory.html#The%20first%20Bulgarian%20virus |archive-date=10 December 2008 }}</ref>


== Viruses ==
== Viruses ==
Dark Avenger's first virus appeared in early 1989 and contained the string, "This program was written in the city of Sofia (C) 1988–89 Dark Avenger". Thus, this first virus is usually referred to as "Dark Avenger", eponymous to its author.
Dark Avenger's first virus appeared in early 1989 and contained the string, "This program was written in the city of Sofia (C) 1988–89 Dark Avenger". Thus, this first virus is usually referred to as "Dark Avenger", eponymous to its author.<ref name=wired/> Dark Avenger's viruses made frequent references to [[heavy metal music|heavy metal]] bands, including [[Iron Maiden]], and [[Diana, Princess of Wales]].<ref name=ap/> His pseudonym is based on a [[Manowar]] song.<ref name=heise>{{cite web|url=https://www.telepolis.de/features/Warum-eigentlich-Manila-3451855.html|title=Warum eigentlich Manila?|last=Mühlbauer|first=Peter|work=[[Heinz Heise]]|date=2001-08-01|accessdate=2023-01-14|language=de}}</ref>


It was very infectious: if the virus was active in memory, opening or just copying an executable file was sufficient to infect it. Additionally, the virus also destroyed data, by overwriting a random sector of the disk at every 16th run of an infected program, progressively corrupting files and directories on the disk.
The virus was very infectious: if the virus was active in memory, opening or just copying an executable file was sufficient to infect it. Additionally, the virus also destroyed data, by overwriting a random sector of the disk at every 16th run of an infected program, progressively corrupting files and directories on the disk.<ref name=wired/> Corrupted files contained the string, [[Somewhere in Time (Iron Maiden album) |"Eddie lives... somewhere in time!"]],<ref name=wired/> a reference to Iron Maiden.<ref name=heise/> Due to its highly infectious nature, the virus spread worldwide, reaching Western Europe, the USSR, the United States, and East Asia.<ref name="people.frisk-software.com#first"/>
Corrupted files contained the string, "Eddie lives... somewhere in time!"—possibly a reference to [[Iron Maiden]]'s album ''Somewhere in Time''. Due to its highly infectious nature, the virus spread worldwide, reaching [[Western Europe]], the [[USSR]], the [[United States]], and even [[East Asia]].<ref name="people.frisk-software.com#first"/> It even received moderate mention in ''[[The New York Times]]'' and ''[[The Washington Post]]''.<ref name="vx.org.ua">http://vx.org.ua/lib/static/vdat/ephearto.htm</ref>


Dutch author [[Harry Mulisch]] reported having encountered the virus on his laptop while writing his magnum opus ''[[The Discovery of Heaven]]'' in his logbook on 21 October 1981 in the 51st chapter of the book, and because of his own and the book’s [[Kabbalistic Order of the Rose-Cross|cabalistic]] nature, interpreted it as a “favourable sign from higher powers”, and subsequently considered it referring to the raven named Edgar (after [[Edgar Allan Poe|Edgar Allen Poe]]’s [[The Raven|short story]]) which appeared in the corrupted scene of the book, and even considered naming his upcoming son Eduard, after the virus’ output ‘Eddie lives... somewhere in time’, though he eventually named him Menzo instead.<ref>{{Cite web|url=https://www.dbnl.org/tekst/_nie012201401_01/_nie012201401_01_0025.php|title=Nieuw Letterkundig Magazijn. Jaargang 32 · dbnl|last=DBNL|website=DBNL|language=nl|access-date=2 March 2020}}</ref> A few weeks later, on 16 November he re-encountered the virus, and throughout 23–27 November he eventually had the virus professionally removed.<ref>{{Cite book|last=Mulisch|first=Harry|title=Harry Mulisch LOGBOEK 1991–1992|publisher=De Bezige Bij|year=2012|isbn=978-90-234-2836-7|location=Amsterdam|pages=114, 115, 122-125}}</ref>
Dutch author [[Harry Mulisch]] reported encountering the virus on his laptop while writing ''[[The Discovery of Heaven]]''. Mulisch considered it a "favourable sign from higher powers" and briefly considered naming his son Eduard after the virus' output.<ref>{{Cite web|url=https://www.dbnl.org/tekst/_nie012201401_01/_nie012201401_01_0025.php|title=Nieuw Letterkundig Magazijn. Jaargang 32 · dbnl|last=DBNL|website=DBNL|language=nl|access-date=2 March 2020}}</ref> A few weeks later, he re-encountered the virus and had it professionally removed.<ref>{{Cite book|last=Mulisch|first=Harry|title=Harry Mulisch LOGBOEK 1991–1992|publisher=De Bezige Bij|year=2012|isbn=978-90-234-2836-7|location=Amsterdam|pages=114, 115, 122–125}}</ref>


This virus was soon followed by others, each employing a new clever trick. Dark Avenger is believed to have authored the following viruses: Dark Avenger, V2000 (two variants), V2100 (two variants), 651, Diamond (two variants), Nomenklatura, 512 (six variants), 800, 1226, Proud, Evil, Phoenix, Anthrax, and Leech. As a major means for spreading the [[source code]] of his viruses, Dark Avenger used the then popular [[bulletin board systems]].<ref name="people.frisk-software.com#dark">{{cite web|last=Bontchev |first=Vesselin |title=The Bulgarian and Soviet Virus Factories |at=Section 2.3 "The Dark Avenger" |url=http://www.people.frisk-software.com/~bontchev/papers/factory.html#The%20Dark%20Avenger |url-status=dead |archive-url=https://web.archive.org/web/20081210211302/http://www.people.frisk-software.com/~bontchev/papers/factory.html#The%20Dark%20Avenger |archive-date=10 December 2008 }}</ref>
This virus was soon followed by others, each employing a new trick. Dark Avenger is believed to have authored the following viruses: Dark Avenger, V2000 (two variants), V2100 (two variants), 651, Diamond (two variants), Nomenklatura, 512 (six variants), 800, 1226, Proud, Evil, Phoenix, Anthrax, and Leech. As a major means for spreading the [[source code]] of his viruses, Dark Avenger used the then popular [[bulletin board systems]].<ref name="people.frisk-software.com#dark">{{cite web|last=Bontchev |first=Vesselin |title=The Bulgarian and Soviet Virus Factories |at=Section 2.3 "The Dark Avenger" |url=http://www.people.frisk-software.com/~bontchev/papers/factory.html#The%20Dark%20Avenger |url-status=dead |archive-url=https://web.archive.org/web/20081210211302/http://www.people.frisk-software.com/~bontchev/papers/factory.html#The%20Dark%20Avenger |archive-date=10 December 2008 }}</ref>
In its variants, the virus also contained the following strings:
In its variants, the virus also contained the following strings:
* "Zopy (sic) me – I want to travel"
* "Zopy (sic) me – I want to travel"
Line 40: Line 34:
* "Copyright (C) 1989 by Vesselin Bontchev"
* "Copyright (C) 1989 by Vesselin Bontchev"


In technical terms, the most prominent feature of some of Dark Avenger's viruses was their [[Mutation Engine]] (MtE). This allowed the viruses to change their signature, preventing them from being easily recognized by anti-virus programs.<ref name=zdnet>{{cite web|url=https://www.zdnet.com/article/how-eastern-europes-villains-changed-sides-and-made-you-protect-your-computer/|title= How Eastern Europe's villains changed sides in the malware war - and made you protect your PC |last=Fiscutean|first=Andrada|work=[[ZDNet]]|date=2015-02-05|accessdate=2023-01-14}}</ref> Following its release, Paul Mungo and [[Bryan Clough]] called MtE "the most dangerous virus ever produced",<ref name=ap/> and [[Steve Gibson (computer programmer)|Steve Gibson]] wrote that "the game is forever changed".<ref>{{cite magazine|title=Tech Talk|last=Gibson|first=Steve|magazine=[[InfoWorld]]|volume=14|issue=17|date=April 27, 1992|page=36}}</ref>
In technical terms, the most prominent feature of some of Dark Avenger's viruses was their [[Polymorphic code|polymorphic]] engine, the [[Polymorphic engine|Mutation Engine]] (MtE); MtE could be linked to the plain virus in order to generate polymorphic decrypters. Dark Avenger did not, however, invent polymorphism itself, since this had already been predicted by [[Fred Cohen]] and later put into practice by Mark Washburn, in his [[1260 (computer virus)|1260]] virus, in 1990. It wasn't until a year or more later that Dark Avenger's viruses began to employ polymorphic code.

Dark Avenger made frequent attacks on Bulgarian anti-virus researcher Vesselin Bontchev. Such is the case with the viruses V2000 and V2100, which claim to have been written by Bontchev, in an attempt to defame him.<ref name="people.frisk-software.com#dark"/> This "conflict" between the two has led many to believe that Bontchev and Dark Avenger were intentionally "promoting" each other or that they might even be the same person.

Dark Avenger's actions were not treated as a crime at that time in Bulgaria, since there was no law for information protection.<ref name="people.frisk-software.com#dark"/>


== Identity ==
== Identity ==
The identity of the person behind the pseudonym has never been ascertained.<ref name=zdnet/> In 1992, Dark Avenger described himself as a heavy metal fan under 30 who wrote viruses while procrastinating at his job.<ref name=csm/> [[Sarah Gordon (computer scientist)|Sarah Gordon]], a computer security researcher, publicly requested that a virus be named after her. When this request was granted, she used this as an opening to make contact with Dark Avenger. She later published their communications in interview format.<ref name=wired/> Analysis by the researchers Andrew Bissett and Geraldine Shipton concluded that Dark Avenger engaged in [[victim blaming]]; he blamed "human stupidity" for the transmission of his viruses and denied that any data of value would be lost on personal computers. They cited his envy of wealthy Westerners' computers as his motivation for making viruses;<ref>{{cite book|title=Computer Security Handbook|chapter=The Psychology of Computer Criminals|last1=Campbell|first1=Q.|last2=Kennedy|first2=David M.|publisher=[[John Wiley & Sons]]|year=2009|page=12.20}}</ref> Gordon herself attributed his motivation to a hatred of Bontchev.<ref name=wired/> Dark Avenger made frequent attacks on Bontchev. Such is the case with the viruses V2000 and V2100, which claim to have been written by Bontchev, to defame him.<ref name="people.frisk-software.com#dark"/> This conflict between the two has led some to believe that Bontchev and Dark Avenger were promoting each other or that they might be the same person. Bontchev denied this and claimed in 1993 to have deduced Dark Avenger's identity. He said that because writing viruses was not illegal, there was no point in pursuing it.<ref>{{cite news|url=https://www.upi.com/Archives/1993/02/14/The-Bulgarian-virus-connection/6614729666000/|title=The Bulgarian virus connection|last=Fasbinder|first=Joe|work=[[United Press International]]|date=1993-02-14|accessdate=2023-01-14}}</ref>
The identity of the person behind the pseudonym has never been ascertained. However, a lot can be inferred via various details of the viruses. Additionally, Dark Avenger was the subject of an interview conducted by [[Sarah Gordon]] which contains revealing information. Some of Dark Avenger's contemporaries, mainly Vesselin Bontchev, have also shed light on his potential identity.

Dark Avenger may have been a fan of [[heavy metal music]]. The string ''Eddie lives...somewhere in time'', which the virus outputs, draws attention. [[Eddie (mascot)|Eddie]] is the name of the mascot of the heavy metal band [[Iron Maiden]]. Additionally, [[Somewhere in Time (Iron Maiden album)|Somewhere in Time]] is the title of the band's sixth album. Furthermore, in his interview with Gordon, Dark Avenger states that he named himself after "an old song";<ref>{{Cite web|url=http://www.research.ibm.com/antivirus/SciPapers/Gordon/Avenger.html|title=Generic Virus Writer|date=22 October 2012|archive-url=https://web.archive.org/web/20121022145450/http://www.research.ibm.com/antivirus/SciPapers/Gordon/Avenger.html|archive-date=22 October 2012}}</ref> [[Manowar]] (another heavy metal band) have a song titled ''Dark Avenger'', on their [[Battle Hymns (Manowar album)|debut album]]. One of the viruses, Anthrax [[Anthrax (American band)|may have been named after a heavy metal band of the same name]].

Some hypothesize that Dark Avenger is Dr. Vesselin Vladimirov Bontchev due to the fact that a "Vesselin Bontchev" was mentioned in a 1989 virus by the Dark Avenger soon after Bontchev had written his doctoral thesis on computer viruses.<ref>{{Cite web|url=https://bontchev.nlcv.bas.bg/|title=Dr. Vesselin Vladimirov Bontchev|website=bontchev.nlcv.bas.bg}}</ref>

== Interview with Sarah Gordon ==
One of the victims of Dark Avenger's viruses was [[Sarah Gordon]], a computer security researcher. Gordon became intrigued with the virus and joined a virus-exchange [[Bulletin Board System]] ("BBS") in search of more information. Thus, she randomly came upon Dark Avenger, who was an avid visitor and BBS participant. The two came into contact and maintained it through e-mails for several years. Sarah Gordon later compiled most of these e-mails into a makeshift interview.

The interview offers the best available insight into Dark Avenger's personality and motives, and it contains some valuable information. Dark Avenger had previously stated on several occasions that "destroying data is a pleasure". However, in this "interview", he confesses that he regrets his actions, and that they were not right. The degree to which Dark Avenger exposes himself to Gordon has led many to believe that he held a deep affection for her. He even went as far as devoting one of his viruses to her.


Dark Avenger's profile was raised substantially by a 1997 story in ''[[Wired (magazine)|Wired]]'', in which the journalist David S. Bennahum attempted to track down Dark Avenger.<ref>{{cite book|title=Digital Contagions|last=Parikka|first=Jussi|publisher=[[Peter Lang (publisher)|Peter Lang]]|year=2007|isbn=978-1-4331-0093-2|page=182}}</ref> Bennahum did not uncover Dark Avenger's identity but came to suspect the operator of a Bulgarian [[bulletin board system]] that collected computer viruses in the 1990s. Neither he nor someone who claimed to be Dark Avenger would say whether this was true.<ref name=wired/>
It has been suggested by some virus writers{{According to whom|date=November 2009}} that the Dark Avenger personality was a social experiment and Gordon was the object of a study herself, while helping build the myth. Others have hypothesized that Gordon herself was Dark Avenger.


== References ==
== References ==
Line 65: Line 46:


== External links ==
== External links ==
* [https://web.archive.org/web/20120204065804/http://vx.netlux.org/vx.php?id=em11 MtE downloads for three of its versions]
* [https://web.archive.org/web/20121022145450/http://www.research.ibm.com/antivirus/SciPapers/Gordon/Avenger.html An interview of the Dark Avenger by Sarah Gordon]
* [https://web.archive.org/web/20070702211649/http://vx.netlux.org/lib/static/vdat/ivdarkav.htm An interview of the Dark Avenger made by Sarah Gordon]
* [https://web.archive.org/web/20121022145450/http://www.research.ibm.com/antivirus/SciPapers/Gordon/Avenger.html An interview of the Dark Avenger made by Sarah Gordon (another link)]
*[https://web.archive.org/web/20040812231047/http://vx.netlux.org/lib/static/vdat/epgenvir.htm General psychological profile over virus writers I, by Sarah Gordon]
* [https://web.archive.org/web/20120204065727/http://vx.netlux.org/lib/static/vdat/epgenvr2.htm General psychological profile over virus writers II, by Sarah Gordon]
* [https://web.archive.org/web/20160109145104/http://badguys.org/ Many papers on virus writers by Sarah Gordon]
* [https://www.f-secure.com/v-descs/eddie.shtml Dark Avenger Virus Information]
* [https://www.wired.com/wired/archive/5.11/heartof_pr.html Heart of Darkness, by David S. Bennahum]


{{Hacking in the 1990s}}
{{Hacking in the 1990s}}
Line 80: Line 54:
[[Category:Computer viruses]]
[[Category:Computer viruses]]
[[Category:People from Sofia]]
[[Category:People from Sofia]]
[[Category:Bulgarian computer criminals]]
[[Category:Bulgarian criminals]]
[[Category:Cybercriminals]]
[[Category:Year of birth missing (living people)]]
[[Category:Year of birth missing (living people)]]

Latest revision as of 22:52, 7 December 2023

This article is about a computer virus writer. For the song by heavy metal band Manowar, see Battle Hymns (Manowar album).

Dark Avenger
BornUnknown
Sofia, Bulgaria
NationalityBulgarian
Occupation(s)Programmer, computer virus writer, computer criminal
Known forWriting computer viruses

Dark Avenger was the pseudonym of a computer virus writer from Sofia, Bulgaria. He gained considerable notoriety during the early 1990s when his viruses spread internationally.

Background and origins

[edit]

During the Cold War, the Bulgarian government authorized projects to reverse engineer Western technology. This eventually led to the Pravetz computers of the 1980s, which cloned popular Western personal computers. A community formed around these computers when they were used in schools to teach students computer programming.[1] In April 1988, Bulgaria's trade magazine for computers, Компютър за Вас (Computer for You), published a translation of a German article about computer viruses and methods for writing them.[2][1] A few months after that, Bulgaria experienced several foreign viruses. The interest spawned by both the article and the viruses inspired young Bulgarian programmers to devise their own viruses.[2] Soon a wave of Bulgarian viruses erupted, started by the "Old Yankee" and "Vacsina" viruses. Dark Avenger made his first appearance in the spring of 1989.[3] At the time, Bulgaria did not have any laws against writing computer viruses.[4] Anti-virus researchers identified Bulgaria as having talented programmers who had few commercial opportunities,[4] and Bulgarian security researcher Vesselin Bontchev blamed the viruses on the country's history of pirating Western computer code and failure to teach students about computer ethics.[5]

Viruses

[edit]

Dark Avenger's first virus appeared in early 1989 and contained the string, "This program was written in the city of Sofia (C) 1988–89 Dark Avenger". Thus, this first virus is usually referred to as "Dark Avenger", eponymous to its author.[1] Dark Avenger's viruses made frequent references to heavy metal bands, including Iron Maiden, and Diana, Princess of Wales.[4] His pseudonym is based on a Manowar song.[6]

The virus was very infectious: if the virus was active in memory, opening or just copying an executable file was sufficient to infect it. Additionally, the virus also destroyed data, by overwriting a random sector of the disk at every 16th run of an infected program, progressively corrupting files and directories on the disk.[1] Corrupted files contained the string, "Eddie lives... somewhere in time!",[1] a reference to Iron Maiden.[6] Due to its highly infectious nature, the virus spread worldwide, reaching Western Europe, the USSR, the United States, and East Asia.[3]

Dutch author Harry Mulisch reported encountering the virus on his laptop while writing The Discovery of Heaven. Mulisch considered it a "favourable sign from higher powers" and briefly considered naming his son Eduard after the virus' output.[7] A few weeks later, he re-encountered the virus and had it professionally removed.[8]

This virus was soon followed by others, each employing a new trick. Dark Avenger is believed to have authored the following viruses: Dark Avenger, V2000 (two variants), V2100 (two variants), 651, Diamond (two variants), Nomenklatura, 512 (six variants), 800, 1226, Proud, Evil, Phoenix, Anthrax, and Leech. As a major means for spreading the source code of his viruses, Dark Avenger used the then popular bulletin board systems.[9] In its variants, the virus also contained the following strings:

  • "Zopy (sic) me – I want to travel"
  • "Only the Good die young..."
  • "Copyright (C) 1989 by Vesselin Bontchev"

In technical terms, the most prominent feature of some of Dark Avenger's viruses was their Mutation Engine (MtE). This allowed the viruses to change their signature, preventing them from being easily recognized by anti-virus programs.[10] Following its release, Paul Mungo and Bryan Clough called MtE "the most dangerous virus ever produced",[4] and Steve Gibson wrote that "the game is forever changed".[11]

Identity

[edit]

The identity of the person behind the pseudonym has never been ascertained.[10] In 1992, Dark Avenger described himself as a heavy metal fan under 30 who wrote viruses while procrastinating at his job.[5] Sarah Gordon, a computer security researcher, publicly requested that a virus be named after her. When this request was granted, she used this as an opening to make contact with Dark Avenger. She later published their communications in interview format.[1] Analysis by the researchers Andrew Bissett and Geraldine Shipton concluded that Dark Avenger engaged in victim blaming; he blamed "human stupidity" for the transmission of his viruses and denied that any data of value would be lost on personal computers. They cited his envy of wealthy Westerners' computers as his motivation for making viruses;[12] Gordon herself attributed his motivation to a hatred of Bontchev.[1] Dark Avenger made frequent attacks on Bontchev. Such is the case with the viruses V2000 and V2100, which claim to have been written by Bontchev, to defame him.[9] This conflict between the two has led some to believe that Bontchev and Dark Avenger were promoting each other or that they might be the same person. Bontchev denied this and claimed in 1993 to have deduced Dark Avenger's identity. He said that because writing viruses was not illegal, there was no point in pursuing it.[13]

Dark Avenger's profile was raised substantially by a 1997 story in Wired, in which the journalist David S. Bennahum attempted to track down Dark Avenger.[14] Bennahum did not uncover Dark Avenger's identity but came to suspect the operator of a Bulgarian bulletin board system that collected computer viruses in the 1990s. Neither he nor someone who claimed to be Dark Avenger would say whether this was true.[1]

References

[edit]
  1. ^ a b c d e f g h Bennahum, David S. (1 November 1997). "Heart of Darkness". Wired. Retrieved 14 January 2023.
  2. ^ a b Bontchev, Vesselin. "The Bulgarian and Soviet Virus Factories". Section 1 "How the story began". Archived from the original on 10 December 2008. Retrieved 12 October 2009.
  3. ^ a b Bontchev, Vesselin. "The Bulgarian and Soviet Virus Factories". Section 2.1 "The first Bulgarian virus". Archived from the original on 10 December 2008.
  4. ^ a b c d Briscoe, David (29 January 1993). "Bulgarian Computer Virus Writer, Scourge in the West, Hero at Home". Associated Press. Retrieved 14 January 2023.
  5. ^ a b Belsie, Laurent (19 May 1992). "Bulgarian 'Dark Avenger' Part of East-Bloc Legacy". Christian Science Monitor. Retrieved 14 January 2023.
  6. ^ a b Mühlbauer, Peter (1 August 2001). "Warum eigentlich Manila?". Heinz Heise (in German). Retrieved 14 January 2023.
  7. ^ DBNL. "Nieuw Letterkundig Magazijn. Jaargang 32 · dbnl". DBNL (in Dutch). Retrieved 2 March 2020.
  8. ^ Mulisch, Harry (2012). Harry Mulisch LOGBOEK 1991–1992. Amsterdam: De Bezige Bij. pp. 114, 115, 122–125. ISBN 978-90-234-2836-7.
  9. ^ a b Bontchev, Vesselin. "The Bulgarian and Soviet Virus Factories". Section 2.3 "The Dark Avenger". Archived from the original on 10 December 2008.
  10. ^ a b Fiscutean, Andrada (5 February 2015). "How Eastern Europe's villains changed sides in the malware war - and made you protect your PC". ZDNet. Retrieved 14 January 2023.
  11. ^ Gibson, Steve (27 April 1992). "Tech Talk". InfoWorld. Vol. 14, no. 17. p. 36.
  12. ^ Campbell, Q.; Kennedy, David M. (2009). "The Psychology of Computer Criminals". Computer Security Handbook. John Wiley & Sons. p. 12.20.
  13. ^ Fasbinder, Joe (14 February 1993). "The Bulgarian virus connection". United Press International. Retrieved 14 January 2023.
  14. ^ Parikka, Jussi (2007). Digital Contagions. Peter Lang. p. 182. ISBN 978-1-4331-0093-2.
[edit]
Retrieved from "https://en.wikipedia.org/w/index.php?title=Dark_Avenger&oldid=1188825907"