Bulgarian IT industry, historical review: The most dangerous virus  - Questers

Bulgarian IT industry, historical review: The most dangerous virus

Imagine this: a name that sends shivers down your spine - The Dark Avenger. It sounds like something straight out of a superhero saga. But in fact, it's the pseudonym of a computer virus creator from Bulgaria.

Now, let’s find out the secrets behind this cyber legend and one of the most dangerous computer viruses ever made.

A historical overview

In the late 80s and early 90s, Bulgaria stood at a crossroad, grappling with numerous challenges brought by its socialist past. The country faced numerous social, political and economic crises that cast a shadow over its future. During this period, the use of personal computers was not widely spread in Bulgaria. Only a small group of people associated with the country' government were able to afford them.

However, along with the development of the schooling system and informatics science in Bulgaria and especially the Pravets project, most of the academic institutions had computers to meet the educational needs of IT-related disciplines. This relationship between education and technology had a big impact on the younger generation. It is well-known that many young Bulgarian programmers tinkered with their pirated IBM PC clones and released viruses that managed to spread to the West.

How did it all begin?

In January 1989 something unusual happened in Bulgaria. In a popular computer magazine called "Computer for You" a very interesting article appeared. It was all about computer viruses and guess who wrote it? Veselin Bonchev, a 29-year-old research fellow at the Institute of Industrial Cybernetics and Robotics at the Bulgarian Academy of Sciences in Sofia. He wrote about the computer viruses that existed and even provided brief instructions on how to create them - crazy, right? The most interesting part is that when he wrote this text, he had never seen a real virus before.  

A few months after the paper was published, many people became very interested in viruses. This made the young Bulgarian programmers try writing their own malware code. In only a few years, Bulgaria got the reputation of one of the biggest hubs for computer virus development.

Veselin Bonchev started to analyse all the foreign viruses that were spreading in the country, including "Vienna", "Ping Pong" and "Cascade". The first wave of the Bulgarian viruses appeared very soon, including "Old Yankee" and "Vaccine". Shortly after that, in the spring of 1989 the Dark Avenger came into the spotlight.

Who is the Dark Avenger?

The person who stands behind the Dark Avenger nickname remains a mystery and his true identity is still unknown. In 1992, Dark Avenger described himself as a young heavy metal fan who became a hacker while avoiding work. Sarah Gordon, a computer security researcher, wanted to find out more, so she asked for а virus to be named after her. This led her to contact Dark Avenger and later their conversation turned into an interview.

Two researchers, Andrew Bissett and Geraldine Shipton, were also looking into why the Dark Avenger creates viruses in the first place. They thought that he was jealous of the rich people in Western countries. But Sarah Gordon believed in a different theory, that he was doing it because he didn't like someone called Veselin Bonchev. And maybe she was right…

Bonchev is one of the Dark Avenger's most prominent enemies. In the years that the anonymous programmer has been active, Bonchev was studying his viruses, writing antivirus programs and tips on how to remove them in the "Computer for You" magazine. For the PC enthusiast, this extramural battle was interesting and spicy. Even more popular is one of the theories about the identity of Dark Avenger which says the virus writer and Veselin Bonchev are actually the same person.

But let's go back to the first virus that Dark Avenger wrote. In early 1989, It appeared with the message: "This virus was written in Sofia (C) 1988-89 Dark Avenger".

The infection with the virus was simple - if it was loaded in memory, only copying or opening a file was enough to be infected. Additionally, the virus overwrote a random sector of the hard disk every 16th run of an infected program, resulting in the progressive destruction of files and directories that stored information on the disk. The damaged files contained the string "Eddie lives... somewhere in time!", which is a likely reference to Iron Maiden's “Somewhere in Time” album. This virus quickly spread out globally, reaching Western Europe, the Soviet Union, the United States, and even East Asia.

Dark Avenger used the popular at the time BBS (Bulletin Board Systems) as the main channel for distributing viruses. Technically speaking, what stood out the most about Dark Avenger's viruses was how they were designed. They used a special structure called "polymorphic," which means they could change and adapt. Dark Avenger even made a thing called the MtE polymorphic kernel that could be easily added to regular viruses to make them polymorphic too. This idea of viruses changing themselves to dodge anti-virus software was actually thought of by Fred Cohen. Then, in 1990, Mark Washburn used it to make his 1260 virus. About a year later, Dark Avenger started using this same kind of code in his viruses.

Nowadays, the idea of developing viruses can seem far away from the national landscape. It is certain that the country has become one of the main European centres of innovation and excellence in the information technology industry. With a rich story spanning 16 years now, Questers is experienced in setting up and growing dedicated development teams for tech companies from Europe, the UK and the US.  If you would like to learn more about the Bulgarian IT sector, do not hesitate to reach out to us.