Trojan Horse


Paul Baccas

Sophos, UK
Editor: Helen Martin


Paul Baccas reviews Mark Russinovich's latest malware-themed thriller, Trojan Horse.

Title: Trojan Horse

Author: Mark Russinovich

Publisher: Thomas Dunne Books

ISBN-13: 978-1250010483

This book is set throughout North America, Europe, the Near East and China over eight days in April (in the present). As in the author’s previous novel, Zero Day, each chapter starts with a memo or a news article setting the scene or laying a thread for later in the book. We begin with power outages in an operating room and a malfunction on a train line for unknown reasons which set the scene for the story to come.

Next, we find ourselves in a UN bureaucrat’s office in Geneva, where said bureaucrat is wondering how a document he emailed to a colleague in the UK government had arrived containing errors that didn’t exist before he sent it. The document contained information about Iran’s nuclear program, and the original had concluded that the Iranians were near completion in the program. However, the ‘new’ document suggested that this was not the case – and was full of other errors as well (shades of Wazzu). Meanwhile, the recipient, in the UK Foreign Office, remembers that when he opened the file, it crashed ‘OfficeWorks’ – and so begins a tale that drags Jeff Aiken (ex-CIA) and Daryl Haugen (formerly NSA) to London, Geneva, Prague and Turkey.

The book describes the fictional ‘OfficeWorks’ as ‘the most commonly used word-processing program in the world ... [and in its current version] as bug-free as anything anywhere’. If Russinovich’s day job wasn’t at Microsoft I wonder whether he would have bothered to invent such a program. Elsewhere he refers to ‘a special version of [a] debugger obtained from friends at Microsoft’. Having spent a significant part of the past year dealing with threats leveraging MS Office formats to exploit Windows I find it jarring that the author wasn’t honest in naming the program, but it’s likely that my disappointment will only be shared by others in the security industry.

The descriptions of the infection vectors are not wholly realistic, but not unrealistic either. The technical details in tech-thrillers are often quite implausible – but the author has worked hard to make his more accurate, or at least plausible.

The book’s heroes, who are analysts, make believable mistakes: putting themselves in the firing line, not checking in with colleagues, and so on – the sort of mistakes that people who bear the knowledge they do (of an Android exploit that is being weaponized by a US government agency) really ought not to make. Such things make the story more believable and draw the reader in.

The website hosts a well executed video introduction to the book. When I reviewed Zero Day (see VB, May 2011, p.16) I indicated that the story was quite filmic and Trojan Horse certainly also has those qualities. Russinovich himself has talked about potential lead actors for a Hollywood version of the story and I wonder if he can be persuaded to allow those of us on the frontline of the fight against malware to be the extras!

My major complaint about what is a great thriller is the forward by the convicted hacker Kevin Mitnick – in my opinion, giving media oxygen to this self-promoted expert is a mistake. However, any other complaints I have are minor, and they did not detract from my enjoyment of the book.

Mark Russinovich is becoming increasingly accomplished at writing fiction and if you enjoyed Zero Day then you will enjoy Trojan Horse. The book is fast-paced and would even make a long haul flight seem like a short hop.



Latest articles:

VB2019 paper: Domestic Kitten: an Iranian surveillance program

In a fundamental regime that is constantly wary of anything that might jeopardize its stability, and a region that is a hotbed of political conflicts and dissensions, it is not surprising to discover a large‑scale surveillance campaign that keeps an…

VB2019 paper: DNS on fire

Cisco Talos has identified malicious actors that have been targeting the DNS protocol successfully for the past several years. In this paper, researchers Warren Mercer & Paul Rascagnères present two of the threat actors they have been tracking.

Dexofuzzy: Android malware similarity clustering method using opcode sequence

This paper proposes the use of the ‘Dalvik EXecutable Opcode Fuzzy’ (‘Dexofuzzy’) hash to find similar malware variants without the need for an analyst to have systematic or mathematical knowledge.

VB2019 paper: We need to talk – opening a discussion about ethics in infosec

Several professionals defend the notion that technology and ethics have nothing to do with each other. This paper presents various schools of thought pertaining to the philosophy of justice, and explores how they could help us solve some of the…

VB2019 paper: Inside Magecart: the history behind the covert card-skimming assault on the e-Commerce industry

Magecart is an umbrella term given to at least 12 cybercrime groups that are placing digital credit card skimmers on compromised e-commerce sites at an unprecedented rate and with frightening success. This paper presents a timeline of the Magecart…

Bulletin Archive

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.