Trojan Horse


Paul Baccas

Sophos, UK
Editor: Helen Martin


Paul Baccas reviews Mark Russinovich's latest malware-themed thriller, Trojan Horse.

Title: Trojan Horse

Author: Mark Russinovich

Publisher: Thomas Dunne Books

ISBN-13: 978-1250010483

This book is set throughout North America, Europe, the Near East and China over eight days in April (in the present). As in the author’s previous novel, Zero Day, each chapter starts with a memo or a news article setting the scene or laying a thread for later in the book. We begin with power outages in an operating room and a malfunction on a train line for unknown reasons which set the scene for the story to come.

Next, we find ourselves in a UN bureaucrat’s office in Geneva, where said bureaucrat is wondering how a document he emailed to a colleague in the UK government had arrived containing errors that didn’t exist before he sent it. The document contained information about Iran’s nuclear program, and the original had concluded that the Iranians were near completion in the program. However, the ‘new’ document suggested that this was not the case – and was full of other errors as well (shades of Wazzu). Meanwhile, the recipient, in the UK Foreign Office, remembers that when he opened the file, it crashed ‘OfficeWorks’ – and so begins a tale that drags Jeff Aiken (ex-CIA) and Daryl Haugen (formerly NSA) to London, Geneva, Prague and Turkey.

The book describes the fictional ‘OfficeWorks’ as ‘the most commonly used word-processing program in the world ... [and in its current version] as bug-free as anything anywhere’. If Russinovich’s day job wasn’t at Microsoft I wonder whether he would have bothered to invent such a program. Elsewhere he refers to ‘a special version of [a] debugger obtained from friends at Microsoft’. Having spent a significant part of the past year dealing with threats leveraging MS Office formats to exploit Windows I find it jarring that the author wasn’t honest in naming the program, but it’s likely that my disappointment will only be shared by others in the security industry.

The descriptions of the infection vectors are not wholly realistic, but not unrealistic either. The technical details in tech-thrillers are often quite implausible – but the author has worked hard to make his more accurate, or at least plausible.

The book’s heroes, who are analysts, make believable mistakes: putting themselves in the firing line, not checking in with colleagues, and so on – the sort of mistakes that people who bear the knowledge they do (of an Android exploit that is being weaponized by a US government agency) really ought not to make. Such things make the story more believable and draw the reader in.

The website hosts a well executed video introduction to the book. When I reviewed Zero Day (see VB, May 2011, p.16) I indicated that the story was quite filmic and Trojan Horse certainly also has those qualities. Russinovich himself has talked about potential lead actors for a Hollywood version of the story and I wonder if he can be persuaded to allow those of us on the frontline of the fight against malware to be the extras!

My major complaint about what is a great thriller is the forward by the convicted hacker Kevin Mitnick – in my opinion, giving media oxygen to this self-promoted expert is a mistake. However, any other complaints I have are minor, and they did not detract from my enjoyment of the book.

Mark Russinovich is becoming increasingly accomplished at writing fiction and if you enjoyed Zero Day then you will enjoy Trojan Horse. The book is fast-paced and would even make a long haul flight seem like a short hop.



Latest articles:

Guest article: Threat analysis report Save Yourself malware

VB2019 Platinum partner Reason Cybersecurity presents a threat analysis report on the Save Yourself malware.

VB2018 paper: Lazarus Group: a mahjong game played with different sets of tiles

The number of incidents attributed to the Lazarus Group, a.k.a. Hidden Cobra, has grown rapidly since its estimated establishment in 2009. In this paper, ESET researchers Peter Kalnai and Michal Poslusny look at various cells within the group, that…

VB2018 paper: Fake News, Inc.

As the world grapples with massive disinformation campaigns waged by the intelligence agencies of hostile nations, we should not forget that such activities are not limited to the purview of the Bears or Pandas of the world, and that even relatively…

Alternative communication channel over NTP

Nikolaos Tsapakis explores Network Time Protocol (NTP) as an alternative communication channel, providing practical examples, code, and the basic theory behind the idea.

VB2018 paper: Under the hood: the automotive challenge

In an average five-year-old car, there are about 30 different computers on board. In an average new car, there are double that number, and in some cases up to 100. That’s the size of network an average SMB would have, only there’s no CIO/CISO, and…

Bulletin Archive

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.