The Kill Chain – Facts behind the Fiction Part 12


The Kill Chain is the cybercrime thriller from Scotland’s newest crime writer, GJ Scobie, which will be published by Darkstroke on the 16th July 2022. This blog post is one in a series called Facts behind the Fiction, in which I take an aspect of the plot and provide factual background material, giving an insight into the real world of cyber security and those who work tirelessly to defend our networks and data.

So, what is a virus?

It is a piece of computer code that can replicate itself and infect other computer programs and systems through user intervention. There has to be some interaction by the user of the computer to cause the virus to copy itself. Typically, when the user launches the program containing the virus, it will attempt to inject itself into other programs on that computer and continue to infect programs that the user subsequently runs. To get rid of a virus on a computer, all copies of it need to be removed. Running a single instance or copy of a virus-infected program is enough to reinfect the system.

Viruses can be memory resident. They achieve this by installing themselves into the operating system after the user has run a virus-infected program. When the computer is started, the virus remains active in memory while the computer is running, infecting other computer programs as they are run. If the virus is not memory resident, it needs to be executed by the user to cause infection. A good example is a macro virus, which is written in the scripting language built into an application such as Microsoft Word or Excel.

A virus is typically delivered to a computer when the user clicks on a link in an email, causing it to be downloaded from a website, or clicks on an email attachment that is infected with a virus. The virus payload can be a variety of things, from simply copying itself and never announcing its presence, to deleting files, slowing computers down, or producing unwanted ads or graphics. The more sophisticated ones can open up connections to the internet, allowing cyber criminals to connect to your computer and steal data.

The idea of self-replicating computer code has been researched since the nineteen fifties, and viruses have been detected on user-owned home computers since the mid nineteen eighties. The best defence against them is to be wary of what you click on in emails and on websites, and to ensure you have anti-virus software installed. The most common operating system for viruses is Microsoft Windows, where Defender should already be installed to help protect against viruses and other forms of malware. Viruses do exist for other operating systems such as Macintosh and Linux, and if you use these you should be aware that there is still a risk and install the appropriate protection software.

At the end of the day, viruses are just another computer program. However, they are not something anyone wants running on their networks. Even if the code is well understood at the time of infection, it can have unpredictable consequences, as the virus code cannot guarantee what it will attempt to infect and what data corruption may result.

There are many different types of viruses, categorised by how they infect computer programs and systems and how they behave when they are running. Some viruses attempt to hide themselves and try to avoid detection by anti-virus software. Others, described as polymorphic, change their code to try to evade detection. Looking at my bookshelves, I can see whole books devoted to the subject of computer viruses, so if you are interested in reading more, there is plenty of good material out there.

Next time, Trojans. What are they?
