Malware researcher strangely disappears

Status
Not open for further replies.
Jack

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Zero Day blogger and malware researcher Dancho Danchev (right) has gone missing since August last year and we have some troubling information that suggests he may have been harmed in his native Bulgaria.

Dancho, who was relentless in his pursuit of cyber-criminals, last blogged here on August 18. His personal blog has not been updated since September 11, 2010.

At ZDNet, we made multiple attempts to contact him, to no avail. Telephone numbers are going to Bulgarian language voicemails and our attempts to reach him via a snail mail address also came up empty.

Over the last few months, we have contacted the Bulgarian CERT authorities and used anti-virus contacts there to help us figure out Dancho’s disappearance. No one can figure out what happened to Dancho.

Last month, we finally got a mysterious message from a local source in Bulgaria that “Dancho’s alive but he’s in a lot of trouble.” We were told that he’s in the kind of trouble to keep him away from a computer and telephone, so it would be impossible to make contact with him.

Just recently, a trusted member of the malware research community reached out to us to say he had received a troubling letter from Dancho on September 9, 2010, about the threat of persecution in Bulgaria.

Here is Dancho’s letter:

[Name redacted],

As I consider you as a trusted colleague, and someone who understands the big picture of cyber crime and cyber espionage, I’m attaching you photos of the “current situation in my bathroom”, courtesy of Bulgarian Law enforcement+intell services who’ve been building a case trying to damage my reputation, for 1.5 years due to my clear pro-Western views+the fact that a few months ago, the FBI Attache in Sofia, Bulgaria recommended me as an expert to Bulgarian CERT -> clearly you can see how they say “You’re Welcome”.

I’m sending you these not with the idea to see them published, but as an insurance in case things get ugly, knowing that a trusted third-party has access to these and can always distribute them to [redacted] mailing list members, and pretty much the entire industry, especially the press.


The LEO behind the whole operation: [ NAME REDACTED ]

I’m in a process of contacting journalists -> just in case.

I hope you’re the trusted industry contact that I think you are, and you’ll basically keep these somewhere safe. Thank you, and please use my PGP key.


Best regard
Click to expand...


Read more
 
Status
Not open for further replies.

Similar threads

Captain Awesome
    • Like
Malware News IcePeony and Transparent Tribe Target Indian Entities with Cloud-Based Tools
Replies
0
Views
216
Security News
Captain Awesome
Captain Awesome
Jack
    • Applause
    • Like
    • Thanks
Welcome Silversurfer to the MalwareTips Moderation Team!
Replies
36
Views
1,047
Announcements
Digmor Crusher
Digmor Crusher
Adrian Ścibor
    • Like
    • +Reputation
    • Hundred Points
AVLab.pl Cyber Transparency Audit Q2 2024 - "Transparency First. Then Trust"
Replies
6
Views
498
Security Statistics and Reports
Adrian Ścibor
Adrian Ścibor

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top