Dancho Danchev

Citizenship: Bulgarian
Occupation: Security researcher
Website: Dancho Danchev's blog

Dancho Danchev is a Bulgarian Internet security analyst.


Danchev is known for discovering computer virus and spamming attacks as they surface on the Internet, and providing details on the new threats.[1] As a security researcher, he has been the first person to report major malware campaigns as they begin to take form.[2] Danchev has also discussed the use of new technology, like USB keys, and their potential effects on the internal security of the computer systems of major corporations.[3] Danchev reports on the use of new technology or methods of breaking through Internet security protocols as well.[4]

His blog posts and articles have included explanations of the overall landscape of the underground malware industry in countries like Russia and China,[5][6] in addition to the use of the Internet by terrorist networks.[7][8] The entities he has reported on include volunteer militias of hackers that independently attack the servers of enemy nations while their countries are in the midst of military operations, such as Russia's involvement in Georgia.[9] In 2009 he discovered that the Indian embassy in Spain had been taken over to serve malware to those who visited the site.[10] He also reports on the hacking of major corporate websites.[11][12][13]

Specific attacks that Danchev provided initial analysis for include a "Chinese hacktivist" attack on CNN.com in 2008;[14][15] the Operation Ababil attack on Wells Fargo, U.S. Bank and PNC Bank;[16] a 2009 malicious comment attack on YouTube and Digg.com;[17] a large 2010 blackhat SEO campaign affecting both Bing and Google searches;[18] a 2009 New York Times malvertisement attack;[19] and a 2010 attack on Network Solutions.[20]

Koobface investigations

In February 2010 Danchev posted an article called "10 things you didn't know about the Koobface gang", discussing various interactions he has had with them (they once redirected the Facebook website to his blog) and other pieces of information. In May, the creators of the malware forced its network to post a point-by-point response to the article on the screens of all the computers they had infected.[21] Danchev continued his investigations into the gang, eventually posting the full biographical details of some of its members on his blog.[22]

2010 Disappearance

In late 2010 ZDNet, which Danchev co-wrote, reported that he had disappeared from home in Bulgaria and was feared harmed.[23] On September 11, 2010, he submitted what would be his final post of the year, writing about a "cyber jihad", and during that month he also sent letters to friends stating that he was concerned that he was under surveillance.[24] After his disappearance, ZDNet received a message stating that "Dancho's alive but he's in a lot of trouble".[25] He resurfaced in January 2011.[26]


References

  1. "Spammers Execute Attacks Serially for Compromising Internauts’ PCs, Cautions Dancho Danchev". SpamFighter. July 22, 2013. Retrieved August 13, 2013.
  2. Robert McMillan (March 28, 2008). "Major Web sites hit with growing Web attack". InfoWorld. Retrieved August 13, 2013.
  3. Adrian Kingsley-Hughes (July 30, 2013). "USB flash drives masquerading as keyboards mean more BYOD security headaches". ZDNet. Retrieved August 13, 2013.
  4. Steve Ragan (August 30, 2008). "CAPTCHAs are dead – new research from Dancho Danchev confirms it". The Tech Herald. Retrieved August 13, 2013.
  5. Angela Gunn (April 25, 2006). "Notes from the underground". Computerworld. Retrieved August 13, 2013.
  6. Andy Greenberg (April 28, 2008). "Google-Hacking Goes To China". Forbes. Retrieved August 13, 2013.
  7. Kevin Poulsen (July 27, 2007). "Cyber Jihadists Embrace Tor — UPDATED". Wired. Retrieved August 13, 2013.
  8. Noah Shachtman (June 25, 2007). "Terrorists Keep Blogs, Too". Wired. Retrieved August 13, 2013.
  9. Gregg Keizer (August 13, 2008). "Russian hacker 'militia' mobilizes to attack Georgia". Computerworld. Retrieved August 13, 2013.
  10. John Leyden (January 29, 2009). "Indian embassy website hack part of wider assault". The Register. Retrieved August 13, 2013.
  11. Robert McMillan (May 30, 2008). "Domain Name Record Altered to Hack Comcast.net". ABC News. Retrieved August 13, 2013.
  12. Gregg Keizer (March 31, 2008). "Hackers expand massive IFRAME attack to prime sites". Computerworld. Retrieved August 13, 2013.
  13. Julianne Pepitone (February 23, 2013). "NBC hack infects visitors in 'drive by' cyberattack". CNN. Retrieved August 13, 2013.
  14. Robert McMillan (April 23, 2008). "CNN Site Hit by China Attack". ABC News. Retrieved August 15, 2013.
  15. "CNN web site under fire". The H Security. April 24, 2008. Retrieved August 15, 2013.
  16. Antone Gonsalves (September 28, 2008). "Bank attackers more sophisticated than typical hacktivists, expert says". CSO. Retrieved August 15, 2013.
  17. Angela Moscaritolo (March 3, 2009). "Users increasingly falling victim to malware distributed on Digg, YouTube". SC Magazine. Retrieved August 15, 2013.
  18. Mathew J. Schwartz (August 18, 2010). "Scareware Using Bing Results To Expand Attack". Information Week. Retrieved August 15, 2013.
  19. John Leyden (September 18, 2009). "NYT scareware scam linked to click fraud botnet". The Register. Retrieved August 15, 2013.
  20. Dan Goodin (April 19, 2010). "Network Solutions customers hit by mass hack attack". The Register. Retrieved August 15, 2013.
  21. John Leyden (May 18, 2010). "Koobface gang counter-poohpooh nemesis sec-pro Danchev". The Register. Retrieved August 13, 2013.
  22. Jeremy Kirk (January 17, 2012). "Facebook, Researchers Turn up Heat on Koobface Gang". PC World. Retrieved August 13, 2013.
  23. Kim Zetter (January 14, 2011). "Security Researcher, Cybercrime Foe Goes Missing". Wired. Retrieved August 13, 2013.
  24. James Dotta (January 17, 2011). "Who Framed Dancho Danchev?". WebNews.it. Retrieved August 13, 2013.
  25. Chloe Albanesius (January 14, 2011). "ZDNet Security Blogger Mysteriously Disappears". PC Magazine. Retrieved August 13, 2013.
  26. Robin Wauters (January 21, 2011). "Great News: Missing Cybersecurity Expert Dancho Danchev Is No Longer Missing". TechCrunch. Retrieved August 13, 2013.
