Approaching Zero

by Paul Mungo


It was a clever trick. Teodor knew that on computers with two files of the same name the COM file is always loaded prior to the EXE file. So his little bug would get to the screen first, to taunt the operator with "Find Me!" messages. If the operator looked at his list of files he might notice that he had an extra COM file with the same name as one of his EXE files, but he generally wouldn't realize the significance. Even if he did, the bug would probably be one step ahead of him. From time to time, Find Me! would create a new COM file (always with the same name as an EXE file) and transfer itself to a new home, deleting the old one as it did so. In that way it continued to hop around the hard disk, usually well ahead of the increasingly irritated operator. It was possible to remove the bug completely, but it invariably took a few man-hours of frustrating chasing.
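The same-name trick leaves a visible trace in a directory listing: a COM file sitting beside an EXE with the same base name. As an added example (not from the book), this Python sketch flags such pairs and compares two listings to show a companion moving from one host name to another; the paths, snapshots and function names are constructed for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# DOS tries these extensions in order when a command is typed without one.
DOS_SEARCH_ORDER = (".COM", ".EXE", ".BAT")


def find_shadowed(paths):
    """Map each base path to (file DOS would run, files it shadows)."""
    groups = defaultdict(list)
    for raw in paths:
        p = PureWindowsPath(raw.upper())  # DOS names are case-insensitive
        if p.suffix in DOS_SEARCH_ORDER:
            groups[str(p.with_suffix(""))].append(p)
    findings = {}
    for base, files in groups.items():
        if len(files) > 1:
            files.sort(key=lambda f: DOS_SEARCH_ORDER.index(f.suffix))
            findings[base] = (str(files[0]), [str(f) for f in files[1:]])
    return findings


def companion_moves(before, after):
    """Return (COM companions that vanished, COM companions that appeared)."""
    def coms(listing):
        winners = (w for w, _ in find_shadowed(listing).values())
        return {w for w in winners if w.endswith(".COM")}
    old, new = coms(before), coms(after)
    return sorted(old - new), sorted(new - old)


# Constructed sample listings taken at two points in time.
SNAPSHOT_1 = [r"C:\APPS\LEDGER.EXE", r"C:\APPS\LEDGER.COM",
              r"C:\APPS\REPORT.EXE", r"C:\TOOLS\EDIT.EXE", r"C:\TOOLS\RUN.BAT"]
SNAPSHOT_2 = [r"C:\APPS\LEDGER.EXE", r"C:\APPS\REPORT.EXE",
              r"c:\apps\report.com", r"C:\TOOLS\EDIT.EXE", r"C:\TOOLS\RUN.BAT"]

if __name__ == "__main__":
    for base, (winner, hidden) in find_shadowed(SNAPSHOT_1).items():
        print(f"{base}: DOS runs {winner} instead of {', '.join(hidden)}")
    gone, appeared = companion_moves(SNAPSHOT_1, SNAPSHOT_2)
    print("vanished:", gone, "appeared:", appeared)
```

A matching pair is a lead to investigate rather than proof of infection, since some software legitimately ships both a COM and an EXE with the same name.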

Teodor also experimented with "stealth" viruses--silent, deadly, and almost undetectable bugs that evade antiviral software in much the same way that the Stealth plane evades radar detection. Stealth technology has been exploited by virus writers since 1986 (the Pakistani Brain virus has some stealth capability in that it is able to camouflage its presence on the boot sector), but Teodor's was the first that could add itself to a program file without, apparently, increasing the length of the file. Of course it was only an illusion: the virus would simply deduct its own length from the infected file whenever it was being examined.

With his stealth bug Teodor had more or less reached the pinnacle: there was little he could do to improve the programming of his latest virus except, perhaps, to add a destructive payload. But, for Teodor, destruction of data or programs was never the point. He wrote viruses as an intellectual challenge. None of his viruses had ever been intentionally damaging, though he had become aware that they could cause collateral losses. He had also realized that a completely harmless virus was an impossibility. All viruses, by their mere presence on a computer, can accidentally overwrite data or cause a system to crash. And the most dangerous of all, he thought, was an undetectable virus that could spread unstoppably, causing collateral damage without the operators even being aware they were under attack.

In 1989 Teodor decided to retire from virus writing. His own career up until then had, curiously, mirrored his friend Vesko's. While Teodor wrote viruses, Vesko wrote about them; as Teodor became more proficient at writing bugs, Vesko became more accomplished at analyzing them. By 1989 Vesko had become Bulgaria's most important virus researcher and a major contributor to Western literature on the subject. He had been invited to submit papers and to lecture at Western European computer security conferences: he was recognized as an authority on viruses, particularly those from Eastern Europe.

Vesko's reputation was due, in large part, to having been in the right place at the right time. First, there were his friend Teodor's bugs. Teodor would often pass on the programming code to Vesko for analysis, and Vesko would then report on the bugs' capabilities in the local press and in Western journals. It was a convenient arrangement, and the resulting publicity would encourage other writers. Eventually, what became known as the Bulgarian virus factory started to pump out bug after bug, each more dangerous than the last, and Vesko was there to record it. He was in the eye of the storm, collecting viruses from all over Bulgaria as they spread from computer to computer. By 1991 he was reporting two new locally grown viruses each week.

In a country with so many bugs flying around, it was inevitable that Bulgarian computers would become overrun. Most computers in the country had been hit at least once; many had been hit with multiple viruses at the same time. Because Vesko was the country's leading authority on the malicious programs, he was eventually given responsibility for coordinating Bulgaria's effort to fight them off. He was constantly on call. Days he worked in his office in the Bulgarian Academy of Sciences, where he was given the dour title of Assistant Research Worker Engineer. Weekends and nights he continued the fight from his own cramped room on a borrowed Bulgarian clone of an IBM PC. He dealt with ten to twenty phone calls each day from institutions or firms that had been attacked by viruses.

By then the Bulgarian virus factory was in full production. It was no longer a matter of Vesko and his friend Teodor, one a researcher, the other a virus writer. Bulgaria had spawned some of the most skilled and prolific virus writers in the world.