Trojan Horse


Paul Baccas

Sophos, UK
Editor: Helen Martin


Paul Baccas reviews Mark Russinovich's latest malware-themed thriller, Trojan Horse.

Title: Trojan Horse

Author: Mark Russinovich

Publisher: Thomas Dunne Books

ISBN-13: 978-1250010483

This book is set throughout North America, Europe, the Near East and China over eight days in April (in the present). As in the author’s previous novel, Zero Day, each chapter starts with a memo or a news article setting the scene or laying a thread for later in the book. We begin with power outages in an operating room and a malfunction on a train line for unknown reasons which set the scene for the story to come.

Next, we find ourselves in a UN bureaucrat’s office in Geneva, where said bureaucrat is wondering how a document he emailed to a colleague in the UK government had arrived containing errors that didn’t exist before he sent it. The document contained information about Iran’s nuclear program, and the original had concluded that the Iranians were near completion in the program. However, the ‘new’ document suggested that this was not the case – and was full of other errors as well (shades of Wazzu). Meanwhile, the recipient, in the UK Foreign Office, remembers that when he opened the file, it crashed ‘OfficeWorks’ – and so begins a tale that drags Jeff Aiken (ex-CIA) and Daryl Haugen (formerly NSA) to London, Geneva, Prague and Turkey.

The book describes the fictional ‘OfficeWorks’ as ‘the most commonly used word-processing program in the world ... [and in its current version] as bug-free as anything anywhere’. If Russinovich’s day job wasn’t at Microsoft I wonder whether he would have bothered to invent such a program. Elsewhere he refers to ‘a special version of [a] debugger obtained from friends at Microsoft’. Having spent a significant part of the past year dealing with threats leveraging MS Office formats to exploit Windows I find it jarring that the author wasn’t honest in naming the program, but it’s likely that my disappointment will only be shared by others in the security industry.

The descriptions of the infection vectors are not wholly realistic, but not unrealistic either. The technical details in tech-thrillers are often quite implausible – but the author has worked hard to make his more accurate, or at least plausible.

The book’s heroes, who are analysts, make believable mistakes: putting themselves in the firing line, not checking in with colleagues, and so on – the sort of mistakes that people who bear the knowledge they do (of an Android exploit that is being weaponized by a US government agency) really ought not to make. Such things make the story more believable and draw the reader in.

The website hosts a well executed video introduction to the book. When I reviewed Zero Day (see VB, May 2011, p.16) I indicated that the story was quite filmic and Trojan Horse certainly also has those qualities. Russinovich himself has talked about potential lead actors for a Hollywood version of the story and I wonder if he can be persuaded to allow those of us on the frontline of the fight against malware to be the extras!

My major complaint about what is a great thriller is the forward by the convicted hacker Kevin Mitnick – in my opinion, giving media oxygen to this self-promoted expert is a mistake. However, any other complaints I have are minor, and they did not detract from my enjoyment of the book.

Mark Russinovich is becoming increasingly accomplished at writing fiction and if you enjoyed Zero Day then you will enjoy Trojan Horse. The book is fast-paced and would even make a long haul flight seem like a short hop.



Latest articles:

Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

Aditya Sood & Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited to compromise the C&C panel in order to gather threat intelligence, and present a model of mobile AppInjects.

Cryptojacking on the fly: TeamTNT using NVIDIA drivers to mine cryptocurrency

TeamTNT is known for attacking insecure and vulnerable Kubernetes deployments in order to infiltrate organizations’ dedicated environments and transform them into attack launchpads. In this article Aditya Sood presents a new module introduced by…

Collector-stealer: a Russian origin credential and information extractor

Collector-stealer, a piece of malware of Russian origin, is heavily used on the Internet to exfiltrate sensitive data from end-user systems and store it in its C&C panels. In this article, researchers Aditya K Sood and Rohit Chaturvedi present a 360…

Fighting Fire with Fire

In 1989, Joe Wells encountered his first virus: Jerusalem. He disassembled the virus, and from that moment onward, was intrigued by the properties of these small pieces of self-replicating code. Joe Wells was an expert on computer viruses, was partly…

Run your malicious VBA macros anywhere!

Kurt Natvig wanted to understand whether it’s possible to recompile VBA macros to another language, which could then easily be ‘run’ on any gateway, thus revealing a sample’s true nature in a safe manner. In this article he explains how he recompiled…

Bulletin Archive

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.