Bulgarian Computer Virus Writer, Scourge in the West, Hero at Home
WASHINGTON (AP) _ The mysterious Dark Avenger lurks in Bulgaria brewing ″viruses″ to infect and rot computer programs and data around the world. He is a scourge in the West but a kind of hero in his own country, computer experts say.
The Avenger, believed by researchers to be a young computer programmer in Sofia, has drawn the attention of new computer crime squads in the United States and Europe. Authorities at the FBI and Scotland Yard say Bulgaria and Russia are prime sources for the mischievous and sometimes costly viruses that can infect home and business computers.
One East Coast company lost $1 million because of the Avenger’s electronic pranks, according to an article in the February issue of Discover magazine, which did not identify the company.
The Avenger’s viruses contain references to Diana, Princess of Wales, and the heavy-metal band Iron Maiden, a fascination that has added to his mystique.
″My guess is that he has a regular job and works regular hours and looks like a normal guy, but comes home at night to a computer, stays up real late and works on his viruses,″ said David Stang, research director for the International Virus Research Center, which has set up fledgling anti-virus organizations in Britain, Australia, Austria, Norway and Taiwan.
The center has a collection of some 2,000 varieties of viruses, Stang said, which it researches to help computer owners around the world protect their programs and data.
Computer viruses are commands usually hidden in legitimate programs and designed to attach themselves to files on the computer’s ″hard drive″ data storage device. They perform various pranks, ranging from playing ″Yankee Doodle″ to eating all of a computer’s files.
Dark Avenger is a computer master to many young Bulgarians who communicate with each other and the outside world via an array of computer bulletin boards, said Stang. Some of the Avenger’s codes and techniques are copied by other virus writers.
″His work is elegant. ... He helps younger programmers. He’s a superhero to many of them,″ Stang said. Comments imbedded in his programs show other programmers how they work.
Bulgaria has spawned virus writers because the country had been designated as computer producer for the old Communist bloc, but had few business or industry uses for the machines, Stang said.
Scotland Yard Detective Constable Chris Pierce of London’s computer crime unit, said programmers in Bulgaria have a lot of knowledge and skill but little market for their services in the economically depressed country.
″You’ve got a lot of frustrated programmers in the East who’ve turned their attention to creating viruses,″ said Pierce in a telephone interview from London.
Six computer hackers were arrested in England on Wednesday in the first crackdown by Scotland Yard on local virus writers. They were in a group calling itself the ″Association of Really Cruel Viruses.″
Pierce said most viruses written in Bulgaria and Russia are still under the control of their authors and not on the loose in the computers of unsuspecting owners around the world.
Last year, the FBI set up a National Computer Crime Squad in Washington which investigates illegal intrusions into computer systems, including viruses.
Neither Bulgaria nor the United States has a federal law against writing computer viruses, although laws against destruction of property, interference with interstate commerce and extortion can be applied in the United States, FBI officials said.
Paul Mungo and Bryan Clough, in the Discover article excerpted from their upcoming book, ″Approaching Zero,″ describe the electronic exploits of Eastern bloc virus writers, including the Avenger.
The authors call one of the Avenger’s latest creations, Mutating Engine, ″the most dangerous virus ever produced″ because it can disguise itself 4 billion ways and contains no constant characteristic that would allow anti- virus scanners to detect it.
One of the newest and most insidious viruses reportedly originated in Russia. Called LoveChild, it lies dormant but sets up a countdown that could take years. After an infected computer is turned on the 5,000th time, all the memory disappears.