Zero Day_ A Novel - Mark Russinovich [43]
But right now he needed a new base virus code. He already had the code for turning systems off and on. When he’d been given it, he’d had no idea what it did, but he’d spent some time studying the code and was now certain. At first it had scared the hell out of him, but once he realized that he was covering his tracks in ways that hadn’t occurred to Coder, he’d been thrilled at the possibilities. Someone was up to something big and he was a part of it.
Elaltuntas needed to place that code into a virus with a proven record of exploitation. His employer paid a flat one hundred euros for each new virus Elaltuntas produced, but added another hundred if it had a larger than average degree of exploitation. Elaltuntas didn’t know how his employer made that determination, but he’d been paid the extra hundred often enough these past weeks to figure his employer knew how to do it.
There! StopHackers.com. Crackers posted their virus codes in many places, but Elaltuntas had learned that Web sites that claimed to be fighting malware were actually a great source for the code. He suspected they actually existed for the purpose of disseminating it. It was posted right there on the Web site. Anyone could help himself.
Now that he’d copped the most obvious viruses and knew the remaining common viruses and their variants, he’d already used the best. Finding something for which a security patch didn’t yet exist was his dream, but he’d settle for a new virus or variant of an old standby that looked to have fresh access.
StopHackers.com was a new Web site to Elaltuntas. He scrolled through the boilerplate that the Web master had lifted from similar sites, then entered a chat room discussing various viruses at length. He found a lot of chatter about a new one out of Manila, home of the Lovebug, called Doomer. It was a network worm, which meant no attachment had to be opened for it to enter a computer, and gained access by exploiting a vulnerability in Windows XP. Excellent. But the best news was that Microsoft had yet to announce a patch. That meant he would likely have at least a month of smooth sailing, and an extra hundred Euros in his account.
None of this bothered him in the least. Since he’d been a small child, he’d enjoyed breaking things. Too often he’d been caught and punished. Now, on the Internet, he could smash the biggest of things and never be caught. He found it thrilling.
Elaltuntas copied the code, then dropped it into his own cracker file. He studied the new virus for a few minutes, but didn’t understand it. The inventor had been clever. Mentally shrugging, he searched for the point where he could insert his new code so that it rode piggyback into computers along with the virus. Shit! He went back to the Web site and read the entries in the chat room carefully. Thirty minutes later he found what he was looking for. Stupid! I should have spotted that on my own! Back into his own file, he pasted his own code into the location—tailor-made, it seemed, for just such an addition.
Let’s see. He customized the code he’d copied to infect an unattended computer, then downloaded the virus. The girl who owned it, Melek, had asked him to keep an eye on her laptop while she went out for lunch. He’d smiled and agreed. A few seconds later the worm announced it had successfully dropped itself on the target. It had taken. Excellent.
Back at his own computer he sent an e-mail from his Yahoo account.
Date: Tues, 15 August 15:56 —0800
He typed in the address.
From: Wiseguy Subject: new code hve the code inserted in new doomer. it tests. is attached. when will u send money? do u wnt more? Wiseguy Elaltuntas attached the new file and watched the Yahoo e-mail account go through