For those of you that is yonger maybe “Dark Avenger” does say nothing but if you are among those who used the MS-DOS this name will probably recalls bad memories. Dark Avenger, from Bulgary, was one of the most famous hackers of the end of the Eighties and the beginning of the Nineties and wrote several of the most famous computer viruses of that time, the first of which was named after his name, because in its source coude there was this text: This program was written in the city of Sofia (C) 1988-89 Dark Avenger
. This virus was highly dangerous because it was one of the first polymorphic viruses that had a wide diffusion. A polymorphic virus is a virus that can mutate, that is it can change portions of its code to avoid to be identified by an antivirus software.
The Dark Avenger was the first virus written by the Sofia hacker that was based on his Mutation Engine, a pseudo-cryptographic algorithm that could encrypt the malicious portion of its code so that it can not be recognized at a quick analysis. When the virus was executed, the decryptor would have decrypted the virus bringing it back to plain code. Every time that the virus made a copy of itself the Mutation Engine could use a different key to encypt the malicious code, creating a different variant of itself.
Nothing was known about Dark Avenger: he was an elisuve person. Sarah Gordon, then a researcher who worked in the IT security, was one of the victims of a Dark Avenger’s viruses. She started trying to meet him for an interview or, at least, to have a contact with him, so she registered herself at a BBS frequented by hackers and, finally, she met him. She exchanged several messages with him and, at the end of their contacts, she published a sort of digest, not properly an interview, that describes the Dark Avenger personality and the reasons behind his actions. Here is the text, as originally published by Sarah Gordon, © 1993 VFR Systems International.
August 1992
Sara Gordon – Some time ago, in the Fidonet virus echo, when you were told one of your viruses was responsible for the deaths of thousands, possibly, you responded with an obscenity. Let’s assume for the moment this story is true. Tell me, if one of your viruses was used by someone else to cause a tragic incident, how would you really feel?
Dark Avenger – I am sorry for it. I never meant to cause tragic incidents. I never imagined that these viruses would affect anything outside computers. I used the nasty words because the people who wrote to me said some very nasty things to me first.
SG – Do you mean you were not aware that there could be any serious consequences of the viruses? Don’t computers in your country affect the lives and livelihoods of people?
DA – They don’t, or at least at that time they didn’t. PCs were just some very expensive toys nobody could afford and nobody knew how to use. They were only used by some hotshots (or their children) who had nothing else to play with.
I was not aware that there could be any consequences. This virus was so badly written, I never imagined it would leave the town. It all depends on human stupidity, you know. It’s not the computer’s fault that viruses spread.
SG – It is said many people working for the government and companies in Bulgaria had computers at that time. Isn’t this correct?
DA – I don’t know who said that, but it’s not true. Actually, at that time, most of the people in Bulgaria did not even know what a computer was.
SG – Did you have access to modems at that time? Did you ever make use of virus exchange systems to send your viruses? I’ve seen your name on some of the mail coming from thos systems.
DA – At that time, I did not have access to a modem. At that time there were no virus exchange systems, I think. I’ve been on some of them, but that was much later. I never made any “use” of them, I was just fooling with them. I’ve been on almost no VX systems using that name. If you saw it somewhere, probably it was just some imposter, not me. When I have called any of them they (the sysops) insist I have written many more viruses. It’s very difficult, when you’re (dav) [Dark Avenger] and you upload a virus, to make out that you didn’t write it.
SG – Did you ever call the virus systems using your real name?
DA – Not a real name but a name that sounded like a real person.
SG – Why didn’t you ever contact me?
DA – I did. I left you a message once. Well, it was not to you, but I put something in it for you.
SG – Yes, I remember that one. Something about: “You should see a doctor. Normal women don’t spend their time talking about computer viruses.” I answered it, if you recall?
DA – Yes. You said: “I do not want to be a normal woman, at least not in Bulgaria.”
SG – Yes, but why didn’t you talk to me directly?
DA- I didn’t know you wanted to talk to me. Why didn’t you send me mail?
SG – I was afraid of you. Anyway, why did you dedicate that virus to me?
DA- You said you wanted it.
SG – People have wondered why you wrote your first virus. Why did you write it and do you have any regrets about it?
DA- I wrote it because I had heard about viruses and wanted to know about them, but nobody around me could tell me anything. So I decided to write my own. I put some code inside it that intentionally destroys data, and I am sorry for it. I started working on it in September 1988.
SG- Couldn’t you have asked someone who had a virus to show it to you?
DA- I knew nobody who had a virus. In fact, I think that at that time, nobody in Bulgaria had one.
SG- Where did you hear about viruses? What in particular caught your interest?
DA- There was a magazine called Computer For You, the only magazine in Bulgaria at that time. In its May 1988 issue there was a stupid article about viruses, and a funny picture on its cover. This particular article was what made me write that virus. Of course, this was not the first time I heard about viruses. I wasinterested in them, and thinking of writing one a long time before that. I think the idea of making a program that would travel on its own, and go to places its creator could never go, was the most interesting for me. The American government can stop me from going to the US, but they can’t stop my virus.
SG- It has been stated by Valery Todorov that he wrote his first virus, WWT, because he was curious as to whether he could write one or not, but that he wrote his second virus because Vesselin Bontchev (often called the Number One Enemy of Dark Avenger) gave him the idea. Did you get any ideas from other people’s viruses? Have you ever written a virus with someone else?
DA- No, but for someone else, yes.
SG- For who?
DA- For you.
SG- How do you feel about the destruction of data?
DA- I think it’s not right to destroy someone else’s data.
SG- If you think that, then why did you put destructive code in your viruses?
DA- As for the first virus, the truth is that I didn’t know what else to put in it. Also, to make people try to get rid of the virus, not just let it live. At that time, I didn’t think that data in PCs could have any great value.
SG- Do you mean the data in PCs in Bulgaria is of no value?
DA- As I said (or did I?), at that time there were few PCs in Bulgaria, and they were only used by a bunch of hotshots (or their kids). I just hated it when some asshole had a new powerful 16Mhz 286 and didn’t use it for anything, while I had to program on a 4.77Mhz XT with no harddisk (and I was lucky if I could ever get access to it at all).
Actually, I don;t know why I’m saying all this. The real answer is: I don’t know. And I didn’t care. I also don’t care very much know, I’m afraid. I just want the other people to leave me alone. The weasel (Vesselin Bontchev) can go to hell.
By the way, if you really think you should not break any laws, you can start by purchasing MS-DOS, or turning off all your computers permanently. First law of computer security: don’t buy a computer. Second law: if you ever buy a computer, don’t turn it on.
SG- Don’t you feel responsible if someone else uses one of your viruses to cause actual harm to a person’s machine?
DA- No. If they wanted to cause harm, they wouldn;t need my viruses. The could simply type “format c:” or something else that is much more effective.
SG- How can you say this? By writing and distributing the viruses, making them available, you do provide people with the idea and the means, in the same way you were initially provided. By doing this, your actions affect innocent users.
DA- The innocent users would be much less affected if they bought all the software they used (and from an authorised dealer) and if they used it ion the way they are allowed to by the license agreement. If somebody instead of working plays pirated computer games all day long, then it’s quite likely that at some point they will get a virus.
Besides, there’s no such thing as an innocent user, but that’s another subject.
SG- What about the fact that you’re giving people the idea, by creating such clever viruses?
DA- Ideas are not responsible for people who believe in them. Or use them. Or abuse them. Also, I didn’t write them to “provide” anybody with anything. The weasel is the one who “provides”. I just wrote them for fun. I couldn’t care less for all the suckers who see/use them. They were not supposed to make such a big mess.
SG- Still, you have provided them with an insedious weapon. Don’t you feel that by providing them with such clever computer tricks, you are contributing to hurting the innocent users?
DA- I don’t provide nobody with nothing. The weasel provides.
SG- How does he provide?
DA- He just “provides”. That’s one of his favorite words. I don’t want to talk or think about it.
SG- What do you think about the new crop of virus writers, like Falcon/Skism and nUkE?
DA- They are kids, most of whom seek fame (and achieve it easily with the help of a-v people). Most of them are not good at programming viruses at all.
SG- Weel, at least that is some point you and the a-v community agree upon. You have achieved a certain amount of “fame” yourself. How does it make you feel when you see your name in magazines and mail? How do you feel when you see your viruses “defeated” by anti virus programs?
DA- I wrote the virus so it would be killed, like I said. It was not supposed to do all this. I like seeing my name in magazines and in messages. I used to read all the messages about me. but I like it most when I see it printed somewhere. And I liked it a LOT seeing my things in western a-v programs. First time I saw McAfee Scan was about version 5.0 or so. I liked it a lot. I was just excited, happy.
SG- Where did you get that name, Dark Avenger?
DA- I didn’t really “get” the name. I mean, I didn’t call myself that. I put those words in the virus and someone else (we both know who) said it was written by the Dark Avenger. He’s the one that made me be the Dark Avenger, that name. I didn’t use the name until after he called me that. That phrase itself came from some old song from a long time ago, and not from an Iron Maiden song, like some people have said. In many ways, I suppose you could say he made the Dark Avenger.
SG- How long do you think you continue writing viruses?
DA- I don’t. I never planned it.
SG- You misunderstood the question. Are you going to continue writing viruses?
DA- I don’t know. I depends on what will happen to me.
SG- What do you mean?
DA- I mean, I will not normally write/spread any destructive or virus code, unless something extraordinary happens. Well, not if they put me in jail. If they do, and I ever get out, I will not be in a mood for programming. It is not/was not a crime to write the viruses, so I don’t think this should happen. I just am not interested in writing them now.
SG- Do you know the difference between right and wrong?
DA- Why do you ask me this? In American movies, at the end, always the good guy gets the money, the girl and the applause, and the bad guy gets in jail or something. But in real life, it’s not clear who is good and who is bad, and who gets what. It’s not black and white. The only thing that is for sure is that good people always lose.
SG- Have you ever considered making an anti-virus product, other than the fake doctor.exe which is actually a virus?
DA- I have considered it many times, but anti-virus products are as useless as viruses. As for doctor.exe, it’s not fake, it really does the job as it says it does.
SG- Why do you say they are useless? Don’t you think they help protect users from common viruses?
DA- The users spend much more money on buying such products and their updates rather than on the losses of data damaged because of viruses. The a-v products only help the users to empty their wallets. Besides, viruses would spread much less if the “innocent users” did not steal software, and if they worked a bit more at their workplace, instead of playing games. For example, it is known that the Dark Avenger virus was transported from Europe to the USA via some (stolen) games.
SG- But viruses have now spread far beyond games. Most viruses are known to come by other routes.
DA- Sure they spread beyond the games. Still, I’ve never found a virus on any original disk from a package I bought from Borland International.
SG- But I got my first virus from commercial software! Don’t you remember my telling that story?
DA- Not from Borland International. Some places you get a virus, some places you don’t.
SG- It is said that your fellow Bulgarian, Vesselin Bontchev, did many things to provoke the virus writers. Did he provoke you?
DA- This is quite true, and I don’t think he ever denied it. If he did, it would be a lie. There are a lot of people in Bulgaria who know it and can confirm it, but I don’t think this was a big contribution to virus writing – his viruses were pretty worthless. He is not a good programmer.
SG- Do you feel that conditions in your country really help create virus writers as was stated by Bontchev in his “factory” paper? What can you tell me about the conditions in your country that contributed to your writing your first virus?
DA- I don’t think the conditions in my country help create virus writers any more than conditions in any other country in Eastern Europe. Not after a certain person we both know left the country. As for my first virus, it had nothing to do with it that.
SG- What contribution could “a certain person” have made to assist you (or anyone) in writing a virus? Don’t you think that the conditions affecting the economy and computer technology of your country have indeed contributed to the overabundance of virus writers coming from former Eastern Bloc countries?
DA- His articles were a plain challenge to virus writers, encouraging them to write more. Also they were an excellent guide how to write them, for those who wanted to, but did not know how. It never said that he himself wrote some.
SG- According to some people, the story of viruses being such a big problem from Bulgaria begins with: “Soon hackers obtained a copy of the virus and began to hack it… some were optimised by hand. As a result, now there are several versions of this virus that were created in Bulgaria – versions with infective length 627, 623, 622, 435, 367, 353 and even 348 bytes.” It is said many young people brought Bontchev viruses in those early days.
DA- Sure they did. Do you know the viruses vhp and vhp2?
SG- I think I may have heard of them.
DA- I think you don’t want to know about this. I will send you a copy of a book that will tell you all about it. You don’t want to hear it, and most of all you don’t want to hear it from me.
SG- Did you ever personally give a virus to Vesselin Bontchev? Have you ever met him? There is such an animosity between the two of you, which seems unlikely to exist for two “strangers”. Why is this?
DA- Please, let’s not talk about him ever again. I don’t want you to talk to him.
Font: http://www.thehackademy.net/madchat/vxdevl/papers/avers/avenger.html