Malicious code (malware)
Malware (malicious software) is any program designed to harm, exploit or steal from a system. Different families behave differently. AQA expects you to know viruses, worms, Trojans, spyware and ransomware, including how each spreads and what each does.
1. Virus
A program that attaches itself to another file (a document, an executable). When the user runs the host file, the virus runs too — replicating into other files.
Spread: opening infected files, infected email attachments.
Effects: file corruption, data deletion, hidden propagation. May install other malware.
2. Worm
A self-replicating program that spreads automatically across networks without needing a host file or user action.
Spread: exploits network vulnerabilities to copy itself between machines.
Effects: clogs network bandwidth, exhausts resources, may carry other payloads. Famous example: WannaCry (2017) used the EternalBlue exploit to spread worldwide in hours.
3. Trojan (Trojan horse)
Software that disguises itself as legitimate — a free game, a pirated app, a fake antivirus. Once the user runs it, hidden malicious functionality activates.
Spread: tricks users into installing voluntarily.
Effects: opens a backdoor, installs spyware, steals data. Trojans don't replicate themselves — they rely on the user.
4. Spyware
Software that secretly monitors user activity:
- Keyloggers record every keystroke (passwords, messages).
- Screen capture stores screenshots periodically.
- Browser trackers record sites visited and form data.
Spread: bundled with free downloads, email attachments, malicious websites.
Effects: identity theft, password theft, financial loss, personal data exposed.
5. Ransomware
Encrypts the user's files and demands a ransom payment for the decryption key.
Spread: phishing email with malicious attachment, infected download, exploit kits, RDP brute-force.
Effects: data inaccessible, business operations halted. Victims often pay (despite advice not to) and may not even get the key. Famous examples: WannaCry, NotPetya, REvil.
Comparison table
| Malware | Self-replicating? | Needs user action? | Primary effect |
|---|---|---|---|
| Virus | Yes (attaches to files) | Yes (run host file) | Corrupts/deletes files |
| Worm | Yes (autonomous) | No | Spreads, clogs networks |
| Trojan | No | Yes (install/run) | Backdoor / steal data |
| Spyware | Variable | Often yes | Steals information |
| Ransomware | Variable | Often via phishing | Encrypts files, demands payment |
How malware gets in
- Phishing emails with attachments or links.
- Drive-by downloads from compromised websites.
- Infected USB drives.
- Exploiting unpatched software (worms especially).
- Pirated software / cracks carrying Trojans.
- Malvertising — malicious code embedded in legitimate ad networks.
Defences against malware
- Antivirus / antimalware — scans for known signatures and suspicious behaviour.
- Patching — most malware exploits known vulnerabilities.
- Firewall — blocks unsolicited inbound connections used by some malware.
- User training — recognising phishing and avoiding pirated software.
- Backups — recover from ransomware without paying.
- Least privilege — limits damage if malware runs.
- Email filtering — blocks malicious attachments.
Worked example: diagnose
A user reports their files have been renamed with a strange extension and a popup demands payment in Bitcoin.
- This is ransomware. (B1)
- Files have been encrypted; without the key, they are inaccessible. (B1)
- Best response: do not pay (no guarantee of recovery, encourages criminals); restore from backup; report to authorities. (B1)
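The two kinds of antivirus check named under Defences (known signatures and suspicious behaviour), shown as an added Python example that is not part of the original notes. The sample bytes, the file-event log, the process names and the thresholds are all constructed for illustration: the signature check only recognises an exact copy of a known file, while the behaviour check flags the symptom from the worked example, many files being renamed with the same new extension in a short time.

```python
import hashlib

# Constructed, harmless bytes standing in for a file already known to be bad.
KNOWN_BAD = b"constructed sample standing in for a malicious file"
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest()}

def signature_match(data: bytes) -> bool:
    """Signature check: exact SHA-256 match against the known-bad list."""
    return hashlib.sha256(data).hexdigest() in SIGNATURES

# Constructed file-rename events: (time in seconds, process, old name, new name).
EVENTS = [
    (0, "editor.exe", "notes.txt", "notes_v2.txt"),
    (1, "updater.exe", "report.docx", "report.docx.locked"),
    (1, "updater.exe", "photo.jpg", "photo.jpg.locked"),
    (2, "updater.exe", "budget.xlsx", "budget.xlsx.locked"),
    (2, "updater.exe", "cv.pdf", "cv.pdf.locked"),
    (3, "updater.exe", "essay.odt", "essay.odt.locked"),
]

def mass_rename_suspects(events, window=10, threshold=5):
    """Behaviour check: return (process, extension) pairs where one process
    appended the same extension to >= threshold files within window seconds."""
    by_key = {}
    for t, proc, old, new in events:
        if new.startswith(old + "."):  # a new extension was added to the old name
            by_key.setdefault((proc, new[len(old):]), []).append(t)
    suspects = set()
    for key, times in by_key.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                suspects.add(key)
                break
    return suspects

if __name__ == "__main__":
    print("exact copy matches signature:", signature_match(KNOWN_BAD))
    print("copy with one extra byte matches:", signature_match(KNOWN_BAD + b" "))
    print("behaviour suspects:", mass_rename_suspects(EVENTS))
```

The ordinary rename by `editor.exe` is not flagged, which is why behaviour rules use a threshold rather than alerting on every rename.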
Common mistakes: pitfalls
- Calling everything a "virus". Virus has a specific meaning; many things are worms, Trojans, etc.
- Saying "Macs / Linux can't get malware". Less common, but possible — and increasingly targeted.
- Ignoring spyware as "just adware". Spyware steals personal data; even "harmless" tracking can be exploited.
- Assuming antivirus alone is enough. Modern malware evades signature-based detection.
- Paying ransomware demands. No guarantee of recovery; funds further attacks.
Try this: quick check
Identify the malware:
- A self-spreading network attack: worm.
- A "free game" that secretly logs keystrokes: Trojan + spyware.
- A virus pretending to be a Word file: virus delivered by social engineering.
- All your files become unreadable until you pay: ransomware.
AI-generated · claude-opus-4-7 · v3-deep-computer-science