Learning Objectives
  • Define malware as malicious software.
  • Describe the processes and aims of a virus, worm and Trojan horse.
  • Compare how the three malware types enter, spread or operate.
  • Select relevant anti-malware and update protections.
Key Terms
Malware
Software designed to perform harmful, unwanted or unauthorised actions.
Virus
Malware that attaches to a host file or program and spreads when the infected host is executed or shared.
Worm
Self-replicating malware that spreads between devices or across networks without needing to attach to a host file.
Trojan horse
Malware disguised as legitimate or desirable software so that a user installs or runs it.
Host file
A legitimate file or program to which a virus attaches.
Replication
Creating copies of malware so that it can spread.
Payload
The harmful action carried out by malware.
Anti-malware
Software that detects, blocks, quarantines or removes malicious software.
Summary diagram
Summary Of The Main Ideas In This Lesson
Malware As A Category

Malware means malicious software. It is a broad category rather than one single behaviour. Different malware types spread and act in different ways.

A strong answer identifies the process of the named malware and then gives its possible aim or payload. Possible harmful actions include corrupting data, monitoring a user, opening unauthorised access or disrupting operation.

The three malware types in this lesson are frequently confused. Their key distinction is how they are delivered or spread.

Viruses

A virus attaches itself to a host file or program. It becomes active when the infected host is executed. The virus can then copy itself to other suitable files or systems.

Human action often helps the spread because an infected file is opened, copied or shared. The virus may alter files, delete data or interfere with normal operation.

A virus is not simply any harmful program. The attachment to a host and activation through that host are defining features.

Worms

A worm is self-replicating malware. It can spread from one device to another, often across a network, without attaching itself to a host file in the same way as a virus.

Because a worm can spread automatically, it may replicate rapidly. The copies can consume network bandwidth or processing resources and can carry another harmful payload.

The main contrast is that a worm spreads independently, while a virus depends on an infected host file or program.

Trojan Horses

A Trojan horse is malicious software disguised as legitimate or desirable software. The attacker relies on the user being deceived into downloading, installing or running it.

Once executed, the Trojan can perform hidden harmful actions, such as creating unauthorised access, stealing information or installing additional malware.

A Trojan is defined by disguise and deception. It does not have to self-replicate. The name refers to software that appears useful or harmless while carrying a hidden threat.

Protection

Anti-malware software can scan files and activity for known or suspicious threats, quarantine detected items and remove malicious software. It must be kept updated so that it can recognise current threats.

Automating software updates helps close known vulnerabilities. Users should also avoid installing untrusted software or opening unexpected files. In syllabus answers, link the solution to the malware process: scanning can detect an infected file, while cautious installation reduces the opportunity for a Trojan.

Virus, Worm And Trojan Compared
Malware How It Operates Or Spreads Key Distinction
Virus Attaches to a host file or program and activates when the host is run Depends on an infected host
Worm Replicates and spreads independently, often across networks Self-replicating without a host file
Trojan horse Disguises itself as legitimate software and relies on the user running it Uses deception and does not need to replicate
Worked Examples
Identifying A Worm

Question: Malware automatically copies itself to other devices on a network without attaching to a user document. Identify it.

  1. Look for independent self-replication.
  2. Check whether a host file is required.

Answer: It is a worm because it self-replicates and spreads without attaching to a host file.

Explaining A Trojan

Question: A free utility appears useful but secretly installs software that gives an attacker access. Explain why it is a Trojan horse.

  1. Identify the legitimate appearance.
  2. Identify the hidden malicious action.
  3. Explain the role of user deception.

Answer: It is disguised as useful software so that the user runs it, while its hidden payload creates unauthorised access.

Examination Guidance
  • State the defining spread or delivery method before describing damage.
  • Use host file for a virus and self-replicating for a worm.
  • For a Trojan, explain that the user is deceived by its appearance.
  • Do not say anti-malware is effective if it is never updated.
Common Mistakes
  • Calling every malware type a virus.
  • Saying a worm must attach to a host file.
  • Saying a Trojan horse always replicates automatically.
  • Giving only the damage and not the infection or spread process.
Knowledge Check

1. What is malware?

Answer: Software designed to perform harmful, unwanted or unauthorised actions.

2. How does a virus spread?

Answer: It attaches to a host file or program and spreads when the infected host is executed or shared.

3. How is a worm different from a virus?

Answer: A worm self-replicates and can spread independently without attaching to a host file.

4. What is the defining feature of a Trojan horse?

Answer: It is disguised as legitimate or desirable software to deceive the user into running it.

5. How does anti-malware help?

Answer: It detects, blocks, quarantines or removes malicious software.