Zero Day_ A Novel - Mark Russinovich [63]
In the case of his client, Jeff had decided that one of the viruses was designed to destroy financial records stored by SQL Server, one of the more popular databases used by midsize businesses. If this same payload was in the Social Security Administration records, or company pension records, or in the computers that controlled Wall Street, when the trigger kicked in, the damage would be incalculable. His sense of frustration and despair increased with each new discovery.
His work at the firm was about finished, though, one way or another. Sue was going to attempt a boot again later that night. He’d been too exhausted to stay for it. He’d find the results out soon enough.
Something like this had been coming at them for years, and for too long he’d felt like the lone sentry to realize it. Not that long ago a hacker had detected an exploit in the Excel program and had the nerve to offer it on eBay, in essence selling potential access to every computer online with a copy of Excel. How many was that? Ten million? Fifty million? With so many cloned programs and illegal copying, there was no way to know. Each one represented a doorway through which any cracker could send his malware. And the guy who’d discovered it sold the knowledge over the Internet as if he were peddling a used Ford!
Jeff had visited Web sites where anyone could download rootkit and other virus code. The creators were just giving the technology away. Any novice hacker with a rudimentary knowledge of viruses could now cloak his programs or discover a new, nastier virus.
Security firms named variants with letters of the alphabet. Some viruses had so many variants they wrapped around the alphabet three times. One virus alone was known to have two thousand versions.
The Sober worm, one of the most proliferative ever released, actually communicated with its creator. The guy wasn’t a dunce. The worm checked specified URLs on certain days to search for instructions on what destructive act to commit. The thing was, the URLs didn’t exist. The creator knew the ones he’d planted in the virus. When he was ready to give it instructions, he created the URL on the day he wanted to tell it what to do. How did you stop something like that? Jeff thought.
The number of businesses harmed by malware was increasing every month. The public only read about it when ABC, CNN, or the Financial Times was struck. Though thousands of new viruses or variants of old ones were released every year, the great harm was coming from the ones seeking financial gain. You could now hire people to write malware to make you a profit, and plenty of unscrupulous people were taking advantage of that.
If it wasn’t this time with Superphreak, Jeff thought, then soon enough such an attack would be mounted and bring the Internet, and a significant number of the computers connected to it, down for the count, requiring that everything be rebuilt from scratch. Billions of dollars’ worth of information would permanently be lost. Businesses and operations necessary to maintain the nation would stop in their tracks. Countless tens of thousands would be thrown out of work; companies would fail. The cost to the nation and to the world’s economy was all but incalculable. It would be what had happened to Fischerman, Platt & Cohen but on a worldwide scale.
Once the system was rebuilt, there could be no certainty the virus, or some variant of it, could not worm its way into the new system. The price to be paid for the current complacency was likely incalculable. Jeff couldn’t contemplate it without bile rising in his throat. But, on his own, what could he do about it? And even when he’d had access to the powers that be, fools such as Carlton hadn’t taken him seriously.
Jeff logged onto his laptop as he tore open the package from Daryl, revealing an external USB hard drive. He unfolded and read her hastily scribbled note: