Spec & Goals 3 min
AQA Spec 3.6.1.3 — Malicious code (malware): virus, worm, trojan, ransomware, spyware
By the end of this lesson you can:
- Define malware.
- Describe a virus, worm, trojan, ransomware and spyware.
- State how malware can be protected against.
Warm-Up 5 min
Social engineering tricks the user; malware is the malicious software that often gets installed as a result — through a dodgy link, attachment or download.
Quick starter
A "free" game online asks you to install it. After installing, your files are locked and a message demands RM 500 to unlock them. What just happened?
Reveal the idea
The game was a disguise — a trojan — that installed ransomware, which encrypted your files and demanded payment.
Key Concept — malicious software 14 min
Malware (malicious software) is any program written to harm, disrupt or gain unauthorised access to a computer system.
The five types to know
| Type | What it does | Key feature |
|---|---|---|
| Virus | Attaches to a file/program; runs and spreads when that file is opened. | Needs a host file + the user to run it. |
| Worm | Self-replicates and spreads across networks on its own. | Spreads without a host file or user action. |
| Trojan | Disguised as useful/legitimate software; does harm once installed. | Relies on disguise; does not self-replicate. |
| Ransomware | Encrypts the victim's files and demands payment for the key. | Holds data "hostage" for money. |
| Spyware | Secretly monitors activity (e.g. keystrokes) and sends data to the attacker. | Steals information quietly. |
How to protect against malware
- Anti-malware / antivirus software that scans, detects and removes it.
- Firewalls to block suspicious network traffic.
- Keep software updated (automatic updates patch the holes malware exploits).
- Don't open unknown attachments/links; only download from trusted sources.
- Backups so ransomware can't hold your only copy hostage.
Worked Example — name that malware 12 min
Problem: Identify the malware type in each case and justify it.
| Scenario | Type | Why |
|---|---|---|
| A "PDF invoice" attachment installs a hidden program that records Mei Ling's passwords. | Spyware (a trojan delivered it) | Secretly monitors and steals information. |
| An infected USB file, once opened, copies itself into other documents. | Virus | Attaches to a host file and spreads when run. |
| A piece of code spreads itself to every PC on the school network overnight, with no one clicking anything. | Worm | Self-replicates across the network without user action. |
| All files are encrypted and a screen demands Bitcoin to unlock them. | Ransomware | Encrypts data and demands payment. |
Try It Yourself 12 min
Goal: Define malware.
Goal: Describe the difference between a virus and a worm.
Goal: A clinic in JB is worried about ransomware. List three measures that would reduce the risk and impact.
Hint: one should be about recovering data.
📝 Exam Practice 10 min
Define the term malware.
Mark scheme
- Malicious software designed to damage / disrupt / gain unauthorised access to a system (1).
Describe how a trojan infects a computer.
Mark scheme
- It is disguised as legitimate / useful software (1).
- The user installs/runs it, and it then performs harmful actions (1).
Explain why regular backups reduce the impact of a ransomware attack.
Mark scheme
- Ransomware encrypts the files and demands payment to restore them (1).
- With a recent backup, the data can be restored without paying the ransom (1).
Compare how a virus and a worm spread.
Mark scheme
- A virus attaches to a host file and spreads only when the user opens/runs it (1).
- A worm self-replicates and spreads across networks without user action (1).
Recap & Key Terms 3 min
Malware is malicious software. A virus needs a host file and a user; a worm self-replicates across networks; a trojan hides inside "useful" software; ransomware encrypts files for money; spyware secretly steals information. Defend with anti-malware, firewalls, updates, caution and backups.
- Malware
- Malicious software written to damage, disrupt or gain access to a system.
- Virus
- Malware that attaches to a file and spreads when the infected file is run.
- Worm
- Malware that self-replicates and spreads across networks without user action.
- Trojan
- Malware disguised as legitimate software that harms the system once installed.
- Ransomware
- Malware that encrypts the victim's files and demands payment to restore them.
- Spyware
- Malware that secretly monitors activity and sends information to an attacker.
Homework 1 min
Task (≤ 15 min): Make a one-page revision table of the five malware types. For each, write one sentence on what it does and one way to defend against it.
Model answer (shape)
Virus — spreads via infected files; defend with anti-malware + don't open unknown files. Worm — self-spreads on networks; defend with firewalls + patched software. Trojan — disguised software; defend by downloading from trusted sources only. Ransomware — encrypts files for money; defend with backups. Spyware — steals info silently; defend with anti-malware + updates.
Award marks for: correct behaviour for each type (up to 5); a valid defence for each (up to 5).