In the 1980s, there was no better place than Bulgaria for virus lovers. The socialist country – plagued by hyperinflation, crumbling infrastructure, food and petrol rationing, daily blackouts and packs of wild dogs in its streets – had become one of the hottest hi-tech zones on the planet. Legions of young Bulgarian programmers were tinkering on their pirated IBM PC clones, pumping out computer viruses that managed to travel to the gleaming and prosperous west.
In 1989, an article appeared in Bulgaria’s leading computer magazine saying the media’s treatment of computer viruses was sensationalist and inaccurate. The article, in the January issue of Bulgaria’s Computer for You magazine, titled The Truth About Computer Viruses, was written by Vesselin Bontchev, a 29-year-old researcher at the Institute of Industrial Cybernetics and Robotics at the Bulgarian Academy of Sciences in Sofia. Fear of computer viruses, Bontchev wrote, was turning into “mass psychosis”.
Any competent programmer, Bontchev claimed, could tell when files are corrupted by a virus. Infected files are bigger than uninfected files. They run slower. They do strange things, such as play tunes, draw Christmas trees on the screen and reboot computers. It was hard to miss a virus! Prevention through basic cyber hygiene was simple: “Do not allow other people to use your computer; do not use suspicious software products; do not use software products acquired illegally.”
Bontchev would come to regret this article. He had not appreciated that what may be an obvious virus to him may not be obvious to the secretary using a computer as a typewriter. Moreover, most users in Bulgaria did not have their own personal computers; they shared them.
When Bontchev wrote this dismissive article, he had not yet seen a virus. He was very surprised when two men walked into Computer for You’s office, where he used to hang out, and claimed to have a virus. They had read the articles about these strange new creatures in the magazine and wanted to show Bontchev the virus they had discovered in their small software company. The men not only reported that they had a virus; they also claimed to have written an antivirus program that eliminated it. They’d brought their laptop with them. The laptop had a virus on it, and when they ran their antivirus program, the virus disappeared.
Bontchev was both fascinated and horrified: fascinated because he had never seen a virus before (or a laptop, for that matter), horrified because the men had just killed it. Horror turned to panic when the men told him that they had purged the virus from their firm’s computers as well. Bontchev raced to their place of business looking for any remnants. He found a printout of the virus’s code in the garbage. He took it home and entered it – byte by byte – into his computer, careful not to make any mistakes. Bontchev eventually figured out that he had resurrected the virus commonly known as Vienna.
When he analysed Vienna, Bontchev was disappointed. He imagined something wondrous – self-reproducing computer programs should be elegant, fruits of some esoteric black art. A look under the hood, however, revealed it was not so pretty. Vienna was viciously destructive, but its code was crude and sloppy.
As Bontchev was studying Vienna, other Bulgarians began tinkering with malicious programs, too. One of Bontchev’s compatriots would soon become the most dangerous virus writer in the world – and Bontchev’s most bitter enemy.
Vienna is a simple virus, and therefore a good one with which to experiment. Bontchev passed up the opportunity, not wanting to sully his reputation. But Teodor Prevalsky, a friend of his, had fewer qualms. He was fascinated by the concept of artificial life and decided to explore its possibilities. After two days’ work at the Technical University, Bulgaria’s largest engineering school, Prevalsky produced a virus. Though he modelled it on Vienna, his virus did not destroy files – it only instructed the speaker to beep whenever it infected a file. In his diary for 12 November 1988, he recorded his accomplishment: “Version 0 lives.”
As the weeks went by, Prevalsky added new features to the virus. He also experimented with antivirus programs. All of Prevalsky’s creations were “zoo” viruses, specimens built for research purposes, not for releasing into the wild. Nevertheless, they escaped from the zoo. Indeed, a version of Vienna became the first Bulgarian virus to immigrate to the US.
Vienna was able to escape from Prevalsky’s computer because his computer was running a Microsoft operating system known as DOS – short for “disk operating system” – which had no security features. DOS was developed for individual use on small, inexpensive micro-computers, which hit the market in the mid-1970s with names such as Apple II, TRS-80 and Commodore. Security was not a priority or even a necessity for these personal computers, or PCs. Cybersecurity at this time was simple: to stop people from stealing your data, you had to lock your door.
Those who used personal computers, however, wanted to share their code. Young nerds hungered for new video games but didn’t want to pay for them. DOS wasn’t free, either, and bootleg copies freely circulated among PC users. Software piracy was normal in Bulgaria.
Prevalsky shared a computer with four other researchers, and they passed around floppy disks freely. Though Prevalsky took great care to keep his zoo viruses captive, they inevitably escaped. He had put them in cages with no locks.
But Prevalsky was disappointed that he could find no productive use for his creations. When released into the wild, even his “good” viruses had bad side-effects. As Prevalsky was becoming disillusioned with the virus business, Bontchev’s career was heating up. With admirable candour, he wrote an article in Computer for You confessing his earlier error. Viruses were clearly a growing problem, and Bontchev wanted to rectify his mistake. He began to analyse new viruses that were spreading around Bulgaria and published the results.
Bontchev’s articles detailing the dangers of viruses had an unintended consequence: they inspired more virus writers. His readers learned how to write viruses from these articles, and some tried to improve existing versions.
Soon, it seemed as though every computer programmer in Bulgaria felt the need to write a virus. A student from Plovdiv was mad at his tutor, so he wrote a virus to infect his files. He wrote two more viruses for his girlfriend as tokens of his affection. Two friends who were angry with their boss for not paying them wrote a virus as revenge that made the sound of shuffling paper when infecting files. This virus quickly escaped the lab.
People started speaking of the “Bulgarian virus factory”. The founder of the Virus Test Centre in Hamburg, Morton Swimmer, was quoted in a 1990 New York Times article: “Not only do the Bulgarians produce the most computer viruses, they produce the best.”
The Bulgarian virus factory was a factory in the Andy Warhol sense: a loose collective of young Bulgarian men (they were all men) who were highly intelligent and bored. Writing viruses became a source of intellectual stimulation and a form of social distinction.
By 1991, Bontchev was finding two new Bulgarian viruses a week. He spent his days fielding calls from firms attacked by viruses; he spent his nights and weekends studying these viruses. Bontchev was also a founding member of the Computer Antivirus Research Organization (Caro). Caro advocated for certain ethical principles of antivirus research. One of the most important was the strict prohibition of writing viruses. Caro treated computer viruses like biological weapons. The danger of their escaping the lab was deemed too high to justify experimentation.
Indeed, Caro helped create a schism between antivirus researchers and the general cybersecurity community. The community generally expects its members to have hacked, so that they would know how to defend against hackers. The practice is known as ethical or white-hat hacking. Any researcher who has written a virus would have been vetoed for membership in Caro. Though many in the antivirus industry have tinkered with viruses, it is not something they talk about.
Even before Bontchev published his warning article on viruses in Computer for You, someone
