Dark Avenger

From Wikipedia, the free encyclopedia
Jump to: navigation, search

Dark Avenger was a pseudonym of a computer virus writer from Sofia, Bulgaria. He gained considerable popularity during the early 1990s, as some of his viruses spread not only nationwide, but across Europe as well, even reaching the United States and Australia.

Background and origins[edit]

In the late 1980's and early 1990's, personal computers in Bulgaria were relatively rare, with only the wealthiest citizens able to afford one. Nevertheless, Bulgaria had a blooming computer hardware industry, which specialised in providing large numbers of PCs for educational purposes. Thus, many schools and universities were provided with computers, and informatics was a commonly studied subject. This helped foster a certain attitude towards computers among the newest generation.

In April, 1988, Bulgaria's specialised magazine for computers, 'Компютър за Вас' (Computer for You), issued an article which explained in detail the nature of computer viruses and even methods for writing them.[1] A few months after that, Bulgaria was "visited" by several foreign viruses, namely "Vienna", "Ping Pong" and "Cascade". The interest spawned by both the article and the viruses was huge, and soon, young Bulgarian programmers began to search for ways to devise their own viruses.[1]

Soon, a wave of Bulgarian viruses erupted, started by the "Old Yankee" and "Vacsina" viruses. Dark Avenger made his first appearance in the spring of 1989.[1]

Viruses[edit]

Dark Avenger's first virus appeared in early 1989 and contained the string "This program was written in the city of Sofia (C) 1988-89 Dark Avenger". Thus, this first virus is usually referred to as "Dark Avenger", eponymous to its author.

It was very infectious: if the virus was active in memory, opening or just copying an executable file was sufficient to infect it. Additionally, the virus also destroyed data, by overwriting a random sector of the disk at every 16th run of an infected program, progressively corrupting files and directories on the disk. Corrupted files contained the string "Eddie lives... somewhere in time!"—possibly a reference to Iron Maiden's album, "Somewhere in Time". Due to its highly-infectious nature, the virus spread world-wide, reaching Western Europe, the USSR, the United States, and even East Asia.[1] It even received moderate mention in the New York Times and Washington Post.[2]

This virus was soon followed by others, each employing a new clever trick. Dark Avenger is believed to have authored the following viruses: Dark Avenger, V2000 (two variants), V2100 (two variants), 651, Diamond (two variants), Nomenklatura, 512 (six variants), 800, 1226, Proud, Evil, Phoenix, Anthrax, Leech. As a major means for spreading the source code of his viruses, Dark Avenger used the then popular bulletin board systems.[1] In its variants, the virus also contained the following strings:

  • "Zopy (sic) me - I want to travel"
  • "Only the Good die young..."
  • "Copyright (C) 1989 by Vesselin Bontchev"

In technical terms, the most prominent feature of some of Dark Avenger's viruses was their polymorphic engine, the Mutation Engine (MtE); MtE could be linked to the plain virus in order to generate polymorphic decryptors. Dark Avenger did not, however, invent polymorphism itself, since this had already been predicted by Fred Cohen, and later put into practice by Mark Washburn in his 1260 virus, in 1990. It wasn't until a year or more later that Dark Avenger's viruses began to employ polymorphic code.

Dark Avenger made frequent attacks on Bulgarian anti-virus researcher Vesselin Bontchev. Such is the case with the viruses V2000 and V2100, which claim to be written by Vesselin Bontchev, in an attempt to cause defamation.[1] This "conflict" between the two has led many to believe that Bontchev and Dark Avenger were intentionally "promoting" each other, or that they might even be the same person.

Dark Avenger's actions were not treated as a crime at that time in Bulgaria, since there was no law for information protection.[1]

Identity[edit]

The identity of the person behind the pseudonym has never been ascertained. However, a lot can be inferred via various details of the viruses. Additionally, Dark Avenger was the subject of an interview conducted by Sarah Gordon which contains revealing information. Some of Dark Avenger's contemporaries, mainly Vesselin Bontchev, have also shed light on his potential identity.

Dark Avenger may have been a fan of heavy metal music. The string Eddie lives...somewhere in time, which the virus outputs, draws attention. Eddie the Head is the name of the mascot of the heavy metal band Iron Maiden. Additionally, Somewhere in Time is the name of the band's sixth album. Furthermore, in his interview with Sarah Gordon, Dark Avenger states that he named himself after "an old song";[3] Manowar (also a heavy metal band) have a song called Dark Avenger, on their debut album.

Interview with Sarah Gordon[edit]

One of the victims of Dark Avenger's viruses was Sarah Gordon, a computer security researcher. Gordon became intrigued with the virus, and joined a virus-exchange BBS in search of more information. Thus, she randomly came upon Dark Avenger, who was an avid visitor of BBSes himself. The two came into contact and maintained it through emails for a good several years. Eventually, Sarah Gordon compiled most of these e-mails into a makeshift interview.

The interview is the best insight into Dark Avenger's personality and motives and it contains some valuable information. Dark Avenger had previously stated on several occasions that "destroying data is a pleasure". However, in this interview, he confesses that he regrets his actions, and that they were not right. The degree to which Dark Avenger exposes himself to Sarah Gordon has led many to believe that he held a deep affection for her. He even went as far as devoting one of his viruses to her.

It has been suggested by some virus writers[according to whom?] that the Dark Avenger personality was a social experiment and Gordon was the object of a study herself, while helping build the myth. Others have hypothesized that she herself was Dark Avenger. In reality, her work has been externally validated, and is recognized as the seminal scientific/academic work on the topic.

References[edit]

External links[edit]