The Kill Chain – Facts behind the Fiction Part 11

Worms

The Kill Chain is the cybercrime thriller from Scotland’s newest writer, GJ Scobie, which is due to be published by Darkstroke on the 16th July 2022. This blog post is one in a series called Facts behind the Fiction, in which I take an aspect of the plot and provide factual background material, giving an insight into the real world of cyber security and those who work tirelessly to defend our networks and data.

So, what is a worm?

The generic term malware is used to describe all forms of bad computer code, programs or scripts that are designed to have an adverse effect on computer systems. A worm is malware and is self-replicating code that uses computer networks to transfer copies of itself to other computers without user intervention. It is this ability to self-propagate that is the main feature of a worm. I will blog separately about viruses, but the difference here is a virus needs some form of human intervention to spread, a worm does not.  It sets up resident in active computer memory and typically will consume processing resources on the computer, slowing it down and generally making it unusable.

There have been a number of well-known examples of worms, such as Code Red or Nimda (that is Admin backwards for those who like to know these things). Worms rely on a vulnerability present on the target computer systems so it can infect, then replicate itself and move another copy of its code to another vulnerable system. The challenge defenders face is once a worm is inside an organization, typically systems will trust each other. That network traffic is described as East-West, as opposed to North-South which denotes communication to and from the internet. Worms can take advantage of trust relationships and move from system to system quite easily. In 2017, the WannaCry ransomware attack which affected significant numbers of machines within the NHS in the UK, had a worm component, which exploited a vulnerability on Windows XP computers known as EternalBlue.

The most famous case of a worm dates from 1988 and is known as the Morris Worm. It is entertainingly documented in the book The Cuckoo’s Egg by Clifford Stoll. This book made me want to get into computer security. I won’t say anymore about the story, and recommend you read it.

Next time, viruses. What are they?


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s