Dark Avenger

Dark Avenger was a pseudonym of a computer virus writer from Sofia, Bulgaria. He gained considerable popularity during the early 1990s, as some of his viruses spread not only nationwide but across Europe as well, even reaching the United States and Australia.

Background and origins

In the late 1980s and early 1990s, personal computers in Bulgaria were relatively rare, with only the wealthiest citizens able to afford one. Nevertheless, Bulgaria had a blooming computer hardware industry, which specialised in providing large numbers of PCs for educational purposes. Thus, many schools and universities were provided with computers, and informatics was a commonly studied subject. This helped foster a certain attitude towards computers among the newest generation.

In April 1988, Bulgaria's specialised magazine for computers, 'Компютър за Вас' (Computer for You), published an article which explained in detail the nature of computer viruses and even methods for writing them.[1] A few months after that, Bulgaria was "visited" by several foreign viruses, namely "Vienna", "Ping Pong" and "Cascade". The interest spawned by both the article and the viruses was huge, and soon, young Bulgarian programmers began to search for ways to devise their own viruses.[1]

Soon, a wave of Bulgarian viruses erupted, started by the "Old Yankee" and "Vacsina" viruses. Dark Avenger made his first appearance in the spring of 1989.[2]

Viruses

Dark Avenger's first virus appeared in early 1989 and contained the string "This program was written in the city of Sofia (C) 1988-89 Dark Avenger". This first virus is therefore usually referred to as "Dark Avenger", after its author.

It was very infectious: if the virus was active in memory, opening or just copying an executable file was sufficient to infect it. The virus also destroyed data by overwriting a random sector of the disk at every 16th run of an infected program, progressively corrupting files and directories on the disk. Corrupted files contained the string "Eddie lives... somewhere in time!", possibly a reference to Iron Maiden's album Somewhere in Time. Due to its highly infectious nature, the virus spread worldwide, reaching Western Europe, the USSR, the United States, and even East Asia.[2] It even received moderate mention in the New York Times and Washington Post.[3]
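As an added example (not part of the original article, and not taken from any anti-virus product), the following triage scan searches a raw disk image for the two strings quoted above and reports which sectors contain them. The 512-byte sector size, the function names and the sample image are assumptions constructed for illustration.

```python
import io
import re

SECTOR_SIZE = 512  # assumption: 512-byte sectors, as on DOS-era disks

# Strings quoted in the article. The page prints the "Eddie" marker with and
# without a space after the dots, so that space is optional here.
SIGNATURES = {
    "overwrite_marker": re.compile(rb"Eddie lives\.\.\. ?somewhere in time!?"),
    "author_string": re.compile(
        rb"This program was written in the city of Sofia \(C\) 1988-89 Dark Avenger"
    ),
}
OVERLAP = 96  # longer than any signature, so hits split across reads are caught


def scan_stream(stream, chunk_size=64 * 1024):
    """Return sorted (sector, byte_offset, name) hits found in a binary stream."""
    hits, tail, base = set(), b"", 0  # base = absolute offset of tail[0]
    while chunk := stream.read(chunk_size):
        buf = tail + chunk
        for name, rx in SIGNATURES.items():
            for m in rx.finditer(buf):
                off = base + m.start()
                hits.add((off // SECTOR_SIZE, off, name))  # set removes re-finds
        keep = min(len(buf), OVERLAP)
        base += len(buf) - keep
        tail = buf[-keep:]
    return sorted(hits)


def build_sample_image():
    """Constructed test data: an 8-sector blank image with three planted strings."""
    img = bytearray(8 * SECTOR_SIZE)
    marker = b"Eddie lives... somewhere in time!"
    img[3 * SECTOR_SIZE + 10:3 * SECTOR_SIZE + 10 + len(marker)] = marker
    # Second copy straddles the sector 5/6 boundary (and a read boundary below).
    start = 6 * SECTOR_SIZE - 12
    img[start:start + len(marker)] = marker
    author = b"This program was written in the city of Sofia (C) 1988-89 Dark Avenger"
    img[100:100 + len(author)] = author
    return bytes(img)


if __name__ == "__main__":
    for sector, off, name in scan_stream(io.BytesIO(build_sample_image()), 512):
        print(f"sector {sector:4d}  offset {off:#08x}  {name}")
```

A hit on the overwrite marker identifies a sector whose original contents are gone, so the files that own that sector need restoring from backup rather than cleaning.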

This virus was soon followed by others, each employing a new clever trick. Dark Avenger is believed to have authored the following viruses: Dark Avenger, V2000 (two variants), V2100 (two variants), 651, Diamond (two variants), Nomenklatura, 512 (six variants), 800, 1226, Proud, Evil, Phoenix, Anthrax, and Leech. As a major means for spreading the source code of his viruses, Dark Avenger used the then-popular bulletin board systems.[4] In its variants, the virus also contained the following strings:

In technical terms, the most prominent feature of some of Dark Avenger's viruses was their polymorphic engine, the Mutation Engine (MtE); MtE could be linked to the plain virus in order to generate polymorphic decryptors. Dark Avenger did not, however, invent polymorphism itself, since this had already been predicted by Fred Cohen and later put into practice by Mark Washburn, in his 1260 virus, in 1990. It wasn't until a year or more later that Dark Avenger's viruses began to employ polymorphic code.

Dark Avenger made frequent attacks on Bulgarian anti-virus researcher Vesselin Bontchev. Such is the case with the viruses V2000 and V2100, which claim to have been written by Bontchev, in an attempt to defame him.[4] This "conflict" between the two has led many to believe that Bontchev and Dark Avenger were intentionally "promoting" each other or that they might even be the same person.

Dark Avenger's actions were not treated as a crime at that time in Bulgaria, since there was no law for information protection.[4]

Identity

The identity of the person behind the pseudonym has never been ascertained. However, a lot can be inferred via various details of the viruses. Additionally, Dark Avenger was the subject of an interview conducted by Sarah Gordon which contains revealing information. Some of Dark Avenger's contemporaries, mainly Vesselin Bontchev, have also shed light on his potential identity.

Dark Avenger may have been a fan of heavy metal music. The string Eddie lives...somewhere in time, which the virus outputs, draws attention. Eddie the Head is the name of the mascot of the heavy metal band Iron Maiden. Additionally, Somewhere in Time is the title of the band's sixth album. Furthermore, in his interview with Gordon, Dark Avenger states that he named himself after "an old song";[5] Manowar (another heavy metal band) have a song titled Dark Avenger, on their debut album.

Interview with Sarah Gordon

One of the victims of Dark Avenger's viruses was Sarah Gordon, a computer security researcher. Gordon became intrigued with the virus and joined a virus-exchange Bulletin Board System ("BBS") in search of more information. There, she came upon Dark Avenger by chance; he was an avid BBS participant. The two came into contact and maintained it through e-mails for several years. Eventually, Sarah Gordon compiled most of these e-mails into a makeshift interview.

The interview offers the best available insight into Dark Avenger's personality and motives, and it contains some valuable information. Dark Avenger had previously stated on several occasions that "destroying data is a pleasure". However, in this "interview", he confesses that he regrets his actions, and that they were not right. The degree to which Dark Avenger exposes himself to Gordon has led many to believe that he held a deep affection for her. He even went as far as devoting one of his viruses to her.

It has been suggested by some virus writers that the Dark Avenger personality was a social experiment and Gordon was the object of a study herself, while helping build the myth. Others have hypothesized that Gordon herself was Dark Avenger. In reality, her work has been externally validated, and it is recognized as the seminal scientific/academic work on the topic.

References

  1. Bontchev, Vesselin. "The Bulgarian and Soviet Virus Factories". Section 1 "How the story began". Archived from the original on December 10, 2008. Retrieved October 12, 2009.
  2. Bontchev, Vesselin. "The Bulgarian and Soviet Virus Factories". Section 2.1 "The first Bulgarian virus". Archived from the original on December 10, 2008.
  3. http://vx.org.ua/lib/static/vdat/ephearto.htm
  4. Bontchev, Vesselin. "The Bulgarian and Soviet Virus Factories". Section 2.3 "The Dark Avenger". Archived from the original on December 10, 2008.
  5. https://web.archive.org/web/20121022145450/http://www.research.ibm.com/antivirus/SciPapers/Gordon/Avenger.html

This article is issued from Wikipedia - version of the 9/1/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.