Learning Objectives
  • Describe how spyware secretly monitors or collects information.
  • Describe how adware displays or delivers unwanted advertising.
  • Describe how ransomware blocks access to data or systems and demands payment.
  • Compare the aims and effects of the three malware types.
Key Terms
Spyware
Malware that secretly monitors activity or collects information.
Adware
Software that displays or delivers unwanted advertising, sometimes while tracking user behaviour.
Ransomware
Malware that prevents access to data or a system, commonly by encrypting files, and demands payment.
Keystroke
A key press that spyware may record to collect entered information.
Monitoring
Observing user activity without appropriate permission.
Encryption by ransomware
Transformation of victim files so that the victim cannot use them without the decryption method.
Ransom
Payment demanded in exchange for claimed restoration of access.
Backup
A separate copy of data that may support recovery after data loss or ransomware, although backup is not one of the named syllabus solution bullets.
Summary diagram
Summary Of The Main Ideas In This Lesson
Spyware

Spyware is malware that secretly monitors a user or collects information. It may record keyboard input, observe browsing activity or collect personal and login information.

The user may not notice the monitoring. The aim can be to steal credentials, build a profile of the user or send collected data to another party.

Spyware threatens confidentiality because information is obtained without appropriate permission. Anti-spyware software is specifically included within the syllabus category of anti-malware.

Adware

Adware displays or delivers advertising, often in an unwanted or intrusive way. It may produce pop-up advertisements, redirect the user or insert promotional content.

Some adware tracks activity so that advertisements can be targeted. This creates a link with privacy concerns and can reduce system performance or interfere with normal use.

Not every advertisement is malware. The syllabus threat refers to adware as unwanted software behaviour, particularly when installed without clear informed permission or when it interferes with the user.

Ransomware

Ransomware prevents a user from accessing data or a system and demands payment. A common process is to encrypt the victim’s files so that they cannot be opened normally.

The attacker then displays a ransom demand and claims that payment will lead to restoration. The aim is financial extortion. Payment does not guarantee that access will be restored.

Ransomware primarily affects availability because authorised users cannot access their own data. It can also cause wider disruption if shared files or services are affected.

How Infection May Occur

These malware types can arrive through deceptive downloads, infected attachments, compromised software or exploited vulnerabilities. The delivery method may involve phishing or a Trojan horse, but the malware should be identified by its behaviour once installed.

For example, a fraudulent message may persuade the user to open an attachment. The social engineering and phishing describe the deception, while ransomware describes the malware that encrypts the files.

Protective Measures

Anti-malware that includes anti-spyware can detect and remove known threats. Automated software updates reduce vulnerabilities that malware can exploit. Authentication and access levels limit access to sensitive resources.

Users should check communications, links and unexpected files before acting. Privacy settings can reduce unnecessary information exposure, but they do not replace anti-malware protection.

Spyware, Adware And Ransomware Compared
Malware Main Process Typical Aim Or Effect
Spyware Secretly monitors activity or collects information Steals data or observes the user
Adware Displays or delivers unwanted advertising Generates advertising exposure and may track behaviour
Ransomware Locks a system or encrypts files and displays a demand Extorts payment by denying access
Worked Examples
Identifying Spyware

Question: A hidden program records every key pressed and sends the record to an attacker. Identify and explain the malware.

  1. Identify secret monitoring.
  2. Identify collection of typed information.

Answer: It is spyware because it secretly records the user’s keystrokes to collect information.

Ransomware Impact

Question: Files are encrypted and a payment demand appears. State the attack process and the security property mainly affected.

  1. Name the malware from the encryption and demand.
  2. Identify that authorised users cannot access their files.

Answer: Ransomware encrypts the files and demands payment. Availability is mainly affected because the user cannot access the data.

Examination Guidance
  • For spyware, describe secret monitoring or data collection.
  • For ransomware, include both denial of access and the payment demand.
  • Do not classify ordinary website advertising automatically as adware.
  • Where several threats appear in a scenario, identify each by its own process.
Common Mistakes
  • Saying spyware always deletes files.
  • Saying adware is any advertisement seen online.
  • Describing ransomware as simply stealing a password.
  • Claiming payment guarantees recovery from ransomware.
Knowledge Check

1. What does spyware do?

Answer: It secretly monitors activity or collects information.

2. What is the main behaviour of adware?

Answer: It displays or delivers unwanted advertising and may track behaviour.

3. How does ransomware commonly deny access to files?

Answer: It encrypts them so that the user cannot open them normally.

4. What does a ransomware attacker usually demand?

Answer: Payment, or a ransom, for claimed restoration of access.

5. Which anti-malware category is specifically named for spyware?

Answer: Anti-spyware.