January 31, 2011 | 5 Comments | Mark Russinovich
The Road to Zero Day: Idea to Manuscript
My idea for writing Zero Day originates back in the early 2000’s. It was then that a string of new, explosive virus outbreaks brought malware to the public’s attention. The first automatically spreading virus, called a worm, was Happy99. It spammed an infected user’s contacts and when received simply wished the recipient a happy New Year in 1999 with a small fireworks display:
Several similar worms followed, including Melissa, ILOVEYOU, and the Anna Kournikova Virus.
Up to this point the viruses were simply a nuisance and only affected systems and networks as a side-effect. Code Red, which hit in mid-2001, was first in a quick succession of new fast-spreading worms that moved between computers by exploiting vulnerabilities in network applications and that caused significant disruption and financial damage. Code Red infected over 250,000 systems in 9 hours and Nimda (Admin spelled backward) spread so fast that it slowed the Internet and penetrated millions of systems within half an hour of its release.
2002 was relatively quiet, but 2003 was an active year for major attacks. It brought Slapper, Blaster, Sobig and Sober, each one crashing systems, shutting them down, or flooding networks and inboxes. SQL Slammer doubled in size every 8.5 seconds, infected 90% of vulnerable hosts within 10 minutes, and indirectly caused the shut down of 13,000 Bank of America ATMs.
2004 brought more of the same and in 2005 virus writers started leveraging rootkit techniques, which bury a virus deep in a system and cloak their presence from standard diagnostic and administration utilities. I even ran into a rootkit, one I discovered on a Sony music CD-ROM, that shot me into the mainstream press for my “15-seconds of fame”, including a brief appearance on the Today Show.
In all the cases where the perpetrator was identified, it turned out to be a lone hacker, sometimes a high school student. Imagine if a group of sophisticated hackers collaborated to develop a family of viruses that used new exploits to spread slowly, casting a wide net and running beneath the radar of the antimalware companies. And then imagine those viruses deleting the data on the systems they infected. It didn’t take much imagination to realize that malware would be an ideal weapon: low cost, nearly impossible to trace, and incredible destructive potential. It seemed the cybersecurity community was focused entirely on cybercrime with no focus on cyber war, or the even bigger threat created by the difficulty of retaliation, cyber-terrorism. I felt the need to raise awareness and thought there was no better way than to entertain in the process.
In early 2005, I sketched the characters and plot for Zero Day and began writing. I finished the first draft in mid-2006, about the time I joined Microsoft, and based on the feedback of friends and family was confident that it was as good as or better than many in the thriller genre I had read. The several books on novel writing I bought indicated that the next step was to find an agent. With my established technical credentials as a coauthor of the non-fiction Windows Internals book, the audience reach I had via my technical blog and the Sysinternals web site, and the notoriety the Sony rootkit story had brought me, I was sure I would have no trouble finding an agent eager to represent Zero Day.
Stay tuned for my next post, The Road to Zero Day: Agent to Publisher.