Dancho Danchev

Dancho Danchev is a Bulgarian Internet security analyst.

Career

Danchev is known for discovering computer virus and spamming attacks as they surface on the Internet, and providing details on the new threats. As a security researcher, he has been the first person to report major malware campaigns as they begin to take form. Danchev has also discussed the use of new technology, like USB keys, and their potential effects on the internal security of the computer systems of major corporations. Danchev reports on the use of new technology or methods of breaking through Internet security protocols as well.

His blog posts and articles have included explanations of the overall landscape of the underground malware industry in countries like Russia and China, in addition to the use of the Internet by [...] networks. The entities he has reported on include volunteer militias of hackers that independently attack the servers of enemy nations while their countries are in the midst of military operations, such as Russia's involvement in Georgia. In 2009 he discovered that the Indian embassy in Spain had been taken over to serve malware to those who visited the site. He also reports on the hacking of major corporate websites.

Specific attacks that Danchev provided initial analysis for include a "Chinese hacktivist" attack on CNN.com in 2008; the Operation Ababil attack on Wells Fargo, U.S. Bank and PNC Bank; a 2009 malicious comment attack on YouTube and Digg.com; a large 2010 blackhat SEO campaign affecting both Bing and Google searches; a 2009 New York Times malvertisement attack; and a 2010 attack on Network Solutions.

Koobface investigations

In February 2010 Danchev posted an article called "10 things you didn't know about the Koobface gang", discussing various interactions he has had with them (they once redirected the Facebook website to his blog) and other pieces of information. In May the creators of the malware forced its network to post a point-by-point response to the article on the screens of all the computers they had infected. Danchev continued his investigations into the gang, eventually posting the full biographical details of some of its members on his blog.

2010 disappearance

In late 2010 ZDNet, for which Danchev co-wrote, reported that he had disappeared from home in Bulgaria and was feared harmed. On September 11, 2010, he submitted what would be his final post of the year, writing about a "cyber jihad", and during that month he also sent letters to friends stating that he was concerned that he was under surveillance. After his disappearance ZDNet received a message stating that "Dancho's alive but he's in a lot of trouble". He resurfaced in January 2011.