Nigel paced about the shop. He was still rattled by the contents of that video. Every time he looked at the computer that contained the image, he thought of the video of the woman. Visions of Hunter attacking those police officers and slitting his throat overwhelmed him. He closed his eyes, then performed the breathing exercises that usually calmed him.
Nigel’s phone chirped; it was John Appleton.
“Nigel, what’s wrong?” John asked.
“Nothing’s wrong,” Nigel said.
“Then why did you call me five times?”
“I did? I just called you once.”
“No, five times. I have the call log to prove it.”
“Oh . . . I need your advice. I found something . . . bad, maybe illegal, on my first customer’s computer.”
“Does it involve . . . children?”
“I don’t think they are children. They appear to be in their late teens or early twenties.”
“Tell me what you saw on the computer, every detail,” John said.
Nigel relayed the gruesome details, not leaving anything out. John was silent for several moments.
“I don’t think you should view any more of his videos,” John said.
“Why not? I followed forensic best practices by working off an image of the computer.”
“It’s not that. I don’t think your customer has broken any laws. It sounds like he is making a science fiction movie. The people in the video are adults, right?”
“Yeah, it looks like it.”
“Then I would let it go. You don’t want to hurt your business with an accusation like this. If people think they can’t trust you, then you will not get any business. If one of your clients shows you pictures that’s one thing, but you shouldn’t be looking for them on their computer. You can clean any viruses, but don’t get into the habit of looking.”
Serves me right—I should not have involved John.
“Okay, thanks John.”
“Don’t mention it. How is everything in Newport? Are you settling in okay?”
“Yeah, our apartment is just above the business, so we don’t need to go far. Anyway, I should go. The client will be back any minute.”
“Take care of yourself, kid.”
Nigel finished removing the malware from Peter’s computer. Curious, he adjusted one of the network adapters on the laptop so it would analyze every packet it would send or receive. This meant that he could inspect everything that his computer would come into contact with. He turned up the logging settings and outputted it to a flash drive.
Something malicious is trying to get out of that image.
Nigel scrutinized the logged output and observed a distinct pattern. The computer was attempting to contact a command and control (C2) server. If this happened, the malware’s author could send additional instructions to the code. He used a special tailing command to send the contents of the log to one of his monitors. As soon as the malicious traffic patterns restarted, the logs would tell him.
Time to do a little dynamic analysis.
Using the image he’d acquired earlier, Nigel cloned Peter’s computer in a virtualized environment he could control. The conditions were as close to perfect as he was going to get.
Let’s detonate!
Nigel enabled the network connection and let the malware call home. Moments later, the malware used an open network connection to interface with the malicious server. His monitoring station lit up with activity, and he began reading the output in real time. He stopped the outbound network connection. Nigel noticed that when the malware found a live domain on its list, it shut down. If it found an inactive one, it would continue to function.
That makes no sense—wait! The malware authors created an impromptu kill switch to avoid detection. Time to create a sinkhole to capture that bad traffic.
Nigel constructed a server known as a sinkhole; this would allow him to send all malicious traffic to a server he controlled. Then he could analyze the bad outbound communications to find anomalous conditions that could give up the information about the adversary.
Nigel heard a ringing sound at the door.
Someone’s here!
“Is my computer ready?” Peter said, loud enough to stir Nigel out of his thoughts.
I didn’t hear him come in! I’d better work on my physical security measures.
“Almost—I’m running a final scan now,” Nigel said.
“What did you find? Did any of my files get accessed?”
“You mean by the malware?” Nigel asked.
“Yeah. I’m working on a project that I don’t want anyone to steal. I’ve heard some horror stories about people stealing intellectual property. I don’t want anyone to sell my content before I do,” Peter said.
“I noticed a lot of media files on your system. Are you a filmmaker?”
“Well, I’m creating content for a horror channel. But I’m creating a segment for a web show called Amateur Sleuths.”
“I’ve never heard of that show.”
“It’s put on by a guy who has millions of subscribers. These people pay him anywhere from five to fifty dollars a month for unlimited high-definition content.”
“What kind of content are we talking about?” Nigel asked.
Is he telling me the truth?
“It’s a documentary about revealing the truth about cyborgs living among us.”
“A-about what?” Nigel’s voice faltered.
Has he found Delta? he wondered in panic. No, it can’t be—she’s with Melissa in Scotland. I should play along here.
“It sounds fantastical, but I frequent many dark web sites that have truth about experiments that integrate human flesh with machines,” Peter explained. “It’s not that well known, but there are back-alley clinics in large cities that perform operations.”
“Do you have any proof?”
“Yes, the proof is on my computer.”
A beep emitted from the computer.
“Looks like the scan is complete. No more malware, but I found a rootkit on your computer.”
“What’s that?”
“It’s a piece of software that embeds itself into an area that is not normally accessible to other programs or users. It’s placed there by other malware, and it is malicious. The function of a rootkit is to hide itself from users as it steals passwords and keystrokes. It usually sends what it has gathered to another computer, but I couldn’t find any evidence that happened here,” Nigel explained.
Peter looked relieved.
“I recommend that you back up your computer and wipe it. I can do that for you for an extra charge.”
“How long will that take?”
“It’s a long process, and I’ll need the computer overnight—”
“No, that’s okay,” Peter said, cutting Nigel off.
“I would take care of that as soon as you can. The malware can come back.”
Peter paid for Nigel’s services, took his computer, then left the store.
Time to get back to work. That malware is trying to awaken its botnet army.