Trojan Horse


Paul Baccas

Sophos, UK
Editor: Helen Martin


Paul Baccas reviews Mark Russinovich's latest malware-themed thriller, Trojan Horse.

Title: Trojan Horse

Author: Mark Russinovich

Publisher: Thomas Dunne Books

ISBN-13: 978-1250010483

This book is set throughout North America, Europe, the Near East and China over eight days in April (in the present). As in the author’s previous novel, Zero Day, each chapter starts with a memo or a news article setting the scene or laying a thread for later in the book. We begin with power outages in an operating room and a malfunction on a train line for unknown reasons which set the scene for the story to come.

Next, we find ourselves in a UN bureaucrat’s office in Geneva, where said bureaucrat is wondering how a document he emailed to a colleague in the UK government had arrived containing errors that didn’t exist before he sent it. The document contained information about Iran’s nuclear program, and the original had concluded that the Iranians were near completion in the program. However, the ‘new’ document suggested that this was not the case – and was full of other errors as well (shades of Wazzu). Meanwhile, the recipient, in the UK Foreign Office, remembers that when he opened the file, it crashed ‘OfficeWorks’ – and so begins a tale that drags Jeff Aiken (ex-CIA) and Daryl Haugen (formerly NSA) to London, Geneva, Prague and Turkey.

The book describes the fictional ‘OfficeWorks’ as ‘the most commonly used word-processing program in the world ... [and in its current version] as bug-free as anything anywhere’. If Russinovich’s day job wasn’t at Microsoft I wonder whether he would have bothered to invent such a program. Elsewhere he refers to ‘a special version of [a] debugger obtained from friends at Microsoft’. Having spent a significant part of the past year dealing with threats leveraging MS Office formats to exploit Windows I find it jarring that the author wasn’t honest in naming the program, but it’s likely that my disappointment will only be shared by others in the security industry.

The descriptions of the infection vectors are not wholly realistic, but not unrealistic either. The technical details in tech-thrillers are often quite implausible – but the author has worked hard to make his more accurate, or at least plausible.

The book’s heroes, who are analysts, make believable mistakes: putting themselves in the firing line, not checking in with colleagues, and so on – the sort of mistakes that people who bear the knowledge they do (of an Android exploit that is being weaponized by a US government agency) really ought not to make. Such things make the story more believable and draw the reader in.

The website hosts a well executed video introduction to the book. When I reviewed Zero Day (see VB, May 2011, p.16) I indicated that the story was quite filmic and Trojan Horse certainly also has those qualities. Russinovich himself has talked about potential lead actors for a Hollywood version of the story and I wonder if he can be persuaded to allow those of us on the frontline of the fight against malware to be the extras!

My major complaint about what is a great thriller is the forward by the convicted hacker Kevin Mitnick – in my opinion, giving media oxygen to this self-promoted expert is a mistake. However, any other complaints I have are minor, and they did not detract from my enjoyment of the book.

Mark Russinovich is becoming increasingly accomplished at writing fiction and if you enjoyed Zero Day then you will enjoy Trojan Horse. The book is fast-paced and would even make a long haul flight seem like a short hop.



Latest articles:

LokiBot: dissecting the C&C panel deployments

First advertised as an information stealer and keylogger when it appeared in underground forums in 2015, LokiBot has added various capabilities over the years and has affected many users worldwide. This paper analyses the URL structure of the LokiBot…

VB2019 paper: The cake is a lie! Uncovering the secret world of malware-like cheats in video games

With more than 2.5 billion gamers from all over the world, it’s no wonder that at least a fraction of them would bring into action additional tools to gain an unfair advantage over their opponents in the virtual world. This is one of the many reasons…

VB2019 paper: Rich Headers: leveraging this mysterious artifact of the PE format

Ever since the release of Visual Studio 97 SP3, Microsoft has placed an undocumented chunk of data between the DOS and PE headers of every native Portable Executable (PE) binary produced by its linker without any possibility to opt out. The data…

VB2019 paper: Medical IoT for diabetes and cybercrime

This paper evaluates the threats diabetic patients face when they use smart glucose monitoring devices.

VB2019 paper: Spoofing in the reeds with Rietspoof

Rietspoof is a piece of malware that is multi-staged, using different file types throughout its infection chain. It contains several types of stages – both extractors and downloaders; the fourth stage also contains support for remote-control…

Bulletin Archive

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.