User:Worm&Virus/Draft Dark Avenger

From Wikipedia, the free encyclopedia

Dark Avenger is the pseudonym of a programmer who probably comes from Sofia, Bulgaria. He wrote several well-known viruses and is also known for his polymorphic engine.

In the early 1990s he gained considerable popularity, as some of his viruses spread not only nationwide but also throughout Europe, and even reached the United States and Australia.

Pseudonym and identity

The identity of the person behind the pseudonym was never established. However, much can be inferred from various details of the viruses. In addition, Dark Avenger was the subject of an interview by Sarah Gordon that contains revealing information. Some contemporaries of Dark Avenger, chiefly Vesselin Bontchev, have also shed light on his possible identity.

Dark Avenger may have been a heavy metal fan. The string "Eddie lives... somewhere in time", which the virus outputs, attracts attention. Eddie is the name of the mascot of the heavy metal band Iron Maiden, and Somewhere in Time is the title of the band's sixth album. In addition, Dark Avenger states in his interview with Gordon that he named himself after "an old song".[1] Manowar (another heavy metal band) have a song titled Dark Avenger on their debut album. Anthrax, one of the viruses, may have been named after a heavy metal band of the same name.

Some hypotheses assume that Dark Avenger is Dr. Vesselin Vladimirov Bontchev, since Dark Avenger mentioned a "Vesselin Bontchev" in a 1989 virus shortly after Bontchev had written his doctoral thesis on computer viruses.[2]

The scene in 1990

In the 1980s and 1990s Bulgaria had a thriving computer hardware industry that specialised in supplying large numbers of PCs for educational purposes. Many schools and universities were therefore equipped with computers, and computer science was a widely studied subject. This helped foster a particular attitude towards computers in that generation.

In April 1988 the Bulgarian computer trade magazine Компютър за Вас (Computer for You) published an article that explained in detail the nature of computer viruses and even methods for writing them.[3] A few months later Bulgaria was "visited" by several foreign viruses, namely "Vienna", "Ping Pong" and "Cascade". Interest in both the article and the viruses was great, and young Bulgarian programmers soon began looking for ways to develop their own viruses.[3]

Soon a wave of Bulgarian viruses broke out, set off by the "Old Yankee" and "Vacsina" viruses. Dark Avenger first appeared in the spring of 1989.[4]

Developments

Computer viruses

Dark Avenger's first virus appeared in early 1989 and contained the string, "This program was written in the city of Sofia (C) 1988–89 Dark Avenger". Thus, this first virus is usually referred to as "Dark Avenger", eponymous to its author.

It was very infectious: if the virus was active in memory, opening or just copying an executable file was sufficient to infect it. Additionally, the virus also destroyed data, by overwriting a random sector of the disk at every 16th run of an infected program, progressively corrupting files and directories on the disk. Corrupted files contained the string, "Eddie lives... somewhere in time!"—possibly a reference to Iron Maiden's album Somewhere in Time. Due to its highly infectious nature, the virus spread worldwide, reaching Western Europe, the USSR, the United States, and even East Asia.[4] It even received moderate mention in The New York Times and The Washington Post.[5]

Dutch author Harry Mulisch reported in his logbook that on 21 October 1981, while working on the 51st chapter of his magnum opus The Discovery of Heaven, he encountered the virus on his laptop. Because of his own and the book's cabalistic nature, he interpreted it as a "favourable sign from higher powers". He subsequently took it to refer to the raven named Edgar (after Edgar Allan Poe's short story) that appeared in the corrupted scene of the book, and even considered naming his upcoming son Eduard, after the virus's output "Eddie lives... somewhere in time", though he eventually named him Menzo instead.[6] A few weeks later, on 16 November, he re-encountered the virus, and over 23–27 November he had it professionally removed.[7]

This virus was soon followed by others, each employing a new clever trick. Dark Avenger is believed to have authored the following viruses: Dark Avenger, V2000 (two variants), V2100 (two variants), 651, Diamond (two variants), Nomenklatura, 512 (six variants), 800, 1226, Proud, Evil, Phoenix, Anthrax, and Leech. As a major means for spreading the source code of his viruses, Dark Avenger used the then popular bulletin board systems.[8] In its variants, the virus also contained the following strings:

  • "Zopy (sic) me – I want to travel"
  • "Only the Good die young..."
  • "Copyright (C) 1989 by Vesselin Bontchev"

In technical terms, the most prominent feature of some of Dark Avenger's viruses was their polymorphic engine, the Mutation Engine (MtE); MtE could be linked to the plain virus in order to generate polymorphic decrypters. Dark Avenger did not, however, invent polymorphism itself, since this had already been predicted by Fred Cohen and later put into practice by Mark Washburn, in his 1260 virus, in 1990. It wasn't until a year or more later that Dark Avenger's viruses began to employ polymorphic code.

Dark Avenger made frequent attacks on Bulgarian anti-virus researcher Vesselin Bontchev. Such is the case with the viruses V2000 and V2100, which claim to have been written by Bontchev, in an attempt to defame him.[8] This "conflict" between the two has led many to believe that Bontchev and Dark Avenger were intentionally "promoting" each other or that they might even be the same person.

Dark Avenger's actions were not treated as a crime at that time in Bulgaria, since there was no law for information protection.[8]

Polymorphic Engine

A polymorphic engine (sometimes called mutation engine or mutating engine) is a computer program that can be used to transform a program into a subsequent version that consists of different code yet operates with the same functionality. For example, 3+1 and 6-2 both achieve the same result, yet use completely different code.

Polymorphic engines typically work either by encrypting code, or obfuscating code, the latter of which may not involve any encryption at all.

Polymorphic engines are used almost exclusively by computer viruses, shellcodes and other malware, with the main purpose being to make it hard for virus scanners and other security software to detect and identify the body of the malware as traditional "fixed signatures" cannot usually be used.

The first polymorphic engine was called MtE (short for Mutation Engine). It was written in 1992 by a virus author who called himself 'Dark Avenger'.

A polymorphic packer is a type of polymorphic engine. A polymorphic packer is a software tool, which rolls up several kinds of malware into a single package, such as an e-mail attachment, and has the ability to make its "signature" mutate over time, so it is more difficult to detect and remove.

The MtE, or Mutation Engine, is the first polymorphic program generator for computer viruses. The program was written and released in 1992 by the hacker Dark Avenger.

Before the generator was released, antivirus programs detected most viruses by checksums. The Mutation Engine, however, made it possible for even beginners' viruses to be highly polymorphic. This created a major problem for antivirus vendors, since new detection methods had to be developed. Some vendors were unable to develop them and therefore discontinued development of their virus scanners.
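An added illustration, not part of the original article and not MtE's actual algorithm: the sketch below shows why an exact checksum stops matching once the same body is stored under a different key, and how a scanner can instead try each key and search the decoded bytes for an invariant string (a simplified form of "X-ray" scanning). The one-byte XOR, the inert marker body and all function names are assumptions made for this example.

```python
import hashlib

# Constructed, inert stand-in for a virus body: a harmless marker string.
BODY = b"INERT-SAMPLE-BODY: Eddie lives... somewhere in time!"
# Invariant fragment of the decoded body that the scanner searches for.
SIGNATURE = b"Eddie lives... somewhere in time!"


def make_sample(key: int) -> bytes:
    """Build a test sample: the body XORed with a one-byte key (toy cipher)."""
    return bytes(b ^ key for b in BODY)


def checksum_scan(sample: bytes, known_hashes: set) -> bool:
    """Checksum-style detection: exact hash of the bytes as stored."""
    return hashlib.sha256(sample).hexdigest() in known_hashes


def xray_scan(sample: bytes, signature: bytes = SIGNATURE):
    """Try every one-byte key and look for the signature in the result.

    Returns the key that reveals the signature, or None if no key does.
    """
    for key in range(256):
        if signature in bytes(b ^ key for b in sample):
            return key
    return None


def compare(keys):
    """Scan samples built with `keys`; the hash list only knows the first."""
    samples = [make_sample(k) for k in keys]
    known = {hashlib.sha256(samples[0]).hexdigest()}
    return [(checksum_scan(s, known), xray_scan(s)) for s in samples]


if __name__ == "__main__":
    for hit, key in compare([0x21, 0x5A, 0xC3]):
        print(f"checksum hit={hit!s:5}  x-ray key={key}")
    print("clean file:", xray_scan(b"ordinary document text, nothing hidden"))
```

Real polymorphic engines also vary the decryptor code itself, which is why scanners moved on to emulating the decryptor rather than guessing keys.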

Interview with Sarah Gordon

One of the victims of Dark Avenger's viruses was Sarah Gordon, a computer security researcher. Gordon became intrigued with the virus and joined a virus-exchange Bulletin Board System ("BBS") in search of more information. Thus, she randomly came upon Dark Avenger, who was an avid visitor and BBS participant. The two came into contact and maintained it through e-mails for several years. Sarah Gordon later compiled most of these e-mails into a makeshift interview.

The interview offers the best available insight into Dark Avenger's personality and motives, and it contains some valuable information. Dark Avenger had previously stated on several occasions that "destroying data is a pleasure". However, in this "interview", he confesses that he regrets his actions, and that they were not right. The degree to which Dark Avenger exposes himself to Gordon has led many to believe that he held a deep affection for her. He even went as far as devoting one of his viruses to her.

It has been suggested by some virus writers that the Dark Avenger personality was a social experiment and Gordon was the object of a study herself, while helping build the myth. Others have hypothesized that Gordon herself was Dark Avenger.

References

  1. https://web.archive.org/web/20121022145450/http://www.research.ibm.com/antivirus/SciPapers/Gordon/Avenger.html
  2. https://bontchev.nlcv.bas.bg/
  3. Vesselin Bontchev: The Bulgarian and Soviet Virus Factories. Section 1 "How the story began". Archived from the original on 10 December 2008. Retrieved 12 October 2009.
  4. Vesselin Bontchev: The Bulgarian and Soviet Virus Factories. Section 2.1 "The first Bulgarian virus". Archived from the original on 10 December 2008.
  5. http://vx.org.ua/lib/static/vdat/ephearto.htm
  6. DBNL: Nieuw Letterkundig Magazijn. Jaargang 32 · dbnl (in Dutch). In: DBNL. Retrieved 2 March 2020.
  7. Harry Mulisch: Harry Mulisch LOGBOEK 1991–1992. De Bezige Bij, Amsterdam 2012, ISBN 978 90 234 2836 7, pp. 114, 115, 122–125.
  8. Vesselin Bontchev: The Bulgarian and Soviet Virus Factories. Section 2.3 "The Dark Avenger". Archived from the original on 10 December 2008.

External links