Bulgarian `Dark Avenger' Part of East-Bloc Legacy

IN the shadowy world of computer virus writers, he is known as Dark Avenger.

Little is known about him: a Bulgarian; a brilliant computer programmer; a "techno-path," some say.

"If there was a Hall of Fame [for virus writers], he would be in it," says Bob Bales, executive director of the National Computer Security Association in Harrisburg, Pa.

"He's a major nuisance," says Alan Solomon, a leading anti-virus researcher in Britain.

Dark Avenger - no one in the West knows his real name - is part of a Soviet and former East- bloc computer movement gone awry. Instead of producing legitimate software, many young programmers create programs - known as viruses - that infect computers and destroy data. In this dim world, Dark Avenger stands out as one of the world's most prolific virus writers. He is also changing the game.

Dark Avenger calls it his Mutation Engine. Released earlier this year, it helps programmers write new and more difficult viruses known as polymorphics. (See story to right.) Though a few anti-virus researchers cracked it quickly, they worry the "engine" will encourage others to write polymorphic viruses.

"My Mutation Engine ... is far from perfect," Dark Avenger told a British publication, Virus News International in a rare interview printed last week. "But I think it is good enough to show the idea."

Dark Avenger uploaded his "engine" on several computerized bulletin boards. He included instructions on how to use it. He even listed a Bulgarian phone number for technical support. (Calls to this number produced no response.) Destructive motives

"While the other Bulgarian virus writers seem to be just irresponsible or with childish mentality, the Dark Avenger can be classified as a 'techno-path,' " writes Vesselin Bontchev, former director of a Sofia anti-virus lab and now doing doctoral work in Hamburg, Germany. "When asked why his viruses are destructive, he replied that 'destroying data is a pleasure' and that he 'just loves to destroy other people's work.' "

Dark Avenger is part of a larger East-bloc problem. In the early 1980s, Bulgarian leaders styled their country as the Silicon Valley of the East bloc. But they made a fatal mistake, Mr. Bontchev says. Instead of training technicians to produce legitimate software, they pushed them to make hardware, mostly illegal copies of pirated IBM and Apple personal computers. Bulgarian programmers learned a lot about disassembling other people's software. Ethics were overlooked. "We spent a lot of effort teaching th ese people how to program but forgot to educate them in computer ethics," Bontchev writes.

Bulgaria leads the world in creating viruses. Of 318 viruses whose origin was known last year, 76 came from Bulgaria, according to the National Computer Security Association. The situation isn't improving. Bulgaria has no copyright laws for software. It discourages programmers from making original software because it pays them at best 1/100th of what US programmers earn.

"Besides, the lack of respect to the others' work is a common problem in the socialist societies," Bontchev says. He expects Russian virus writers will outdo Bulgaria's in a few years.

Some viruses tell a joke or make a political statement. Others destroy data. Dark Avenger's viruses are the latter kind.

His original program, called Dark Avenger, randomly overwrites a sector of a computer's disk. This can garble data without the user catching on for weeks or even months.

Dark Avenger has also attacked the anti-virus community. He has disguised viruses as anti-virus scanners from Bontchev and John McAfee, who sells a well-known American anti-virus program. The virus writer has found ways to make viruses spread quickly. The Dark Avenger virus is so widespread that it's often included on experts' top 10 lists.

"There is one thing I never understood about the virus writers," says Bontchev, reached by telephone in Hamburg. "To write a virus, it is relatively not so easy. Those people and programmers in Bulgaria ... they are maybe trying to show off to the world how good programmers they are. But to destroy data? It is easy."

Why does Dark Avenger insist on destruction? Some anti-virus researches think he's frustrated.

"There are some commonly used adjectives: probably a guy in his 20s, probably real frustrated in his job and not real challenged, and probably pretty technically adept," says Mr. Bales of the National Computer Security Association. "These are the sorts of things we surmise." Revealing comments

Dark Avenger hinted at some of his motivations in last week's interview. "It [the Anthrax virus] was written in less than a week," he told his interviewer in an electronic mail message. "I just had a lot of other work to do, but I just hated it, so I decided to write this thing to prevent myself from doing my work (grin). I have to stick to the computer, otherwise I would get fired (again)."

Dark Avenger also said that he was under 30, liked heavy metal music, and has programmed computers since 1982. Once he wanted to collaborate with someone, he said, but "I found out that most of the so-called 'virus writers' are so stupid, they don't see obvious things."

"He sounds like a pretty ordinary ... computer programmer," says Ray O'Connell, editor of Virus News International. But "his code is malicious so he is malicious."

Some anti-virus researchers think Dark Avenger is really a computer science major at the University of Sofia who has access to the virus bulletin board (which appears to be shut down for the moment). Dark Avenger is a frequent contributor to the bulletin board. He also included the bulletin board's number with his Mutation Engine for virus writers who want technical support.

But Dr. Solomon, the eminent anti-virus researcher, doubts that any person running a bulletin board would also write viruses. That would be the same as a writer who made his own typewriter, he says. At the moment, there seem to be few legal means to strike back at Dark Avenger. Solomon has successfully persuaded some operators to close down their virus bulletin boards.

"It is to some extent a game of chess between the anti-virus researchers and the virus writers," he says. To checkmate Dark Avenger, someone will have to find out who he is.

You've read  of  free articles. Subscribe to continue.
QR Code to Bulgarian `Dark Avenger' Part of East-Bloc Legacy
Read this article in
QR Code to Subscription page
Start your subscription today