Zero Day_ A Novel - Mark Russinovich [64]
These are copies of disks we received late yesterday and today. Each has Superphreak and each has a rootkit, as you predicted. They are getting easier to find thanks to you. Each does something different. Three more deaths have been reported. I’m scared.
Jeff grimaced. He was scared himself. His ICQ icon blinked and the laptop chirped. He opened the instant-messaging system.
D007:
Did u gt CDs?
JA33:
Yes. Jst startng.
D007:
Paswrd is Rubicon. Weve ID’d 3 rootkits. We nw hv 8 diff functns so far 4 the cloaked viruses.
JA33:
Wht r thy?
D007:
Cnt tell. Sum seem related to $ recrds, othrs t admin functions, sum t industry contrls. Thy seem intended jst t jam things up.
JA33:
What am I lookng for?
D007:
These are t ones we couldn’t identify. See wht u can learn.
JA33:
I’ll try.
D007:
Thks
Jeff hoped that her confidence in him wasn’t misplaced. If her entire team couldn’t identify what she’d sent, he doubted that he could. For two hours he worked on the disk and made little progress other than to cover familiar ground, though he was getting faster at it. Finally, his attention was drawn to the time stamps on a number of files: Date modified: 09/11. The dates were off nearly a month. Odd.
Curious, he ran another forensic tool, then stopped cold as he read the results. That was it. It had to be. The trigger to the viruses was the date!
Jeff stood up and began pacing the room. Had he missed a changed date on the law firm’s computer? How many other infected computers had the wrong date somewhere in the software?
Then there was the date itself. It might be a fluke. Or perhaps Superphreak was using the date as a trigger to make a point.
Which raised still another issue—could all the Superphreak viruses be time-triggered? Was that something they’d missed? Could that be what happened at the hospitals? At the Ford plant? To the airplane?
Jeff’s heart was racing as he called Daryl. After several rings her sleepy voice answered.
“I’ve just come across something unusual on those CDs.” He told her about the modified dates, hearing the apprehension in his own voice.
“The trigger is the date 9/11?”
“I’ll check my client’s computer in the morning. Your team should follow up too.”
“Of course.” Daryl hesitated. “Jeff, what if—”
“I know,” he cut her off. “I’ve already considered the possibility that we’re actually dealing with Arab terrorists. But let’s not get ahead of ourselves. Let’s first see if it really is the trigger.”
No sooner had he disconnected than his cell phone rang.
“The monthly backup crashed and burned,” Sue said, sounding weary. “Just like the other.”
30
FORT DUPONT PARK, WASHINGTON, D.C.
WEDNESDAY, AUGUST 23
6:31 P.M.
George Carlton eased his BMW down the narrow, two-lane road, then pulled into an isolated picnic area. He sat there idling for five full minutes before switching off the ignition. It had been at least a year since he’d last used this drop box, and he was certain no one had followed him.
He’d had no idea how useful working surveillance for the Bureau would be. In fact, he wished he’d paid closer attention to his seasoned partner, because playing the part of the fox instead of the hound was daunting. It seemed simple enough to drop off a disk with information, but he knew how easy it was to fall into patterns.
During his time Carlton had played a small role in catching a Soviet operator working under embassy cover who’d returned to the same drop box too often. He’d been so predictable that the Bureau had set the location under surveillance, no longer bothering to follow him to the site. They’d had no trouble catching the American traitor who provided the Soviet operator with information, visiting the same drop box. From what Carlton knew, they’d turned the traitor into a double agent for a good two years, during which time he gave false information to the Soviets, before deciding his usefulness was gone and they had arrested the Russian, rolling up a spy ring.
So when Carlton had initially set up his locations with Fajer al Dawar, he’d insisted they