What is malicious software and what forms does it take?
Understand what malware is and the main forms, including viruses, worms, trojans, spyware and ransomware, and the harm each can cause.
A focused answer to AQA GCSE Computer Science 3.6, covering what malware is and the main forms (viruses, worms, trojans, spyware and ransomware) and the harm each can cause.
Reviewed by: AI editorial process; not yet individually human-reviewed
Have a quick question? Jump to the Q&A page
Jump to a section
What this dot point is asking
AQA wants you to explain what malware is and describe the main forms (viruses, worms, trojans, spyware and ransomware) and the harm each can cause.
What malware is
Viruses, worms and trojans
The key contrast the exam tests is the method of spread. A virus is passive: it sits in a host file and needs the file to be run. A worm is active: it copies itself across a network on its own, which is why worms can spread far faster than viruses. A trojan spreads neither way by itself; it relies on tricking the user into installing it, which links to social engineering.
Spyware and ransomware
The harm caused
Malware can delete or steal data, slow or crash systems, capture passwords and banking details, lock users out of their files, and spread to other machines, causing serious financial cost and disruption. Different types cause different harm, so a good answer matches the harm to the type (spyware steals secretly, ransomware locks and demands payment).
How malware gets onto a system
Knowing how malware arrives helps explain how to defend against it. Common routes are: opening an infected email attachment or a malicious download (often a trojan disguised as useful software), clicking a link to a malicious website, plugging in an infected USB stick, or a worm exploiting an unpatched weakness across a network. Most of these routes rely on either a software vulnerability or a tricked user, which is why the main defences are anti-malware software to detect and remove malicious code, keeping software patched to close the weaknesses worms exploit, and user training so people do not open suspicious attachments or downloads.
Defending against malware
No single measure is enough, so defences are layered: anti-malware software scans files and blocks known threats; a firewall limits the network connections a worm could use to spread; regular, offline backups let data be restored after a ransomware attack without paying; software updates remove the vulnerabilities malware exploits; and user awareness reduces the trickery that delivers trojans and spyware. Matching each defence to the way a particular type of malware spreads is the key to a strong exam answer, rather than just listing "use antivirus".
Try this
Q1. State what malware is. [1 mark]
- Cue. Malicious software written to damage or gain unauthorised access to a computer system.
Q2. Describe how ransomware harms a victim. [2 marks]
- Cue. It encrypts the victim's files and demands a payment in exchange for the key to unlock them.
Exam-style practice questions
Practice questions written in the style of AQA exam questions on this dot point, with worked answer explainers. The year tag is the paper they imitate, not the source.
AQA 20184 marksExplain the difference between a computer virus and a worm, and describe one way each spreads.Show worked answer →
A virus attaches itself to a file or program and only spreads when the infected file is opened or run by a user, so it needs a host file and usually some user action to spread. A worm is self-replicating: it spreads by itself across a network, exploiting weaknesses, without needing a host file or any user action.
A virus spreads, for example, when an infected document is shared and opened; a worm spreads, for example, by copying itself to other computers on a network automatically.
Markers reward the key distinction (virus needs a host file and user action, worm spreads itself across a network) and a valid spreading method for each.
AQA 20214 marksA company is hit by ransomware. Describe what ransomware does, the harm it causes, and explain why keeping regular backups is an effective defence.Show worked answer →
Ransomware encrypts the victim's files so they cannot be opened, then demands a payment (a ransom) in exchange for the key to decrypt them. The harm is that the company loses access to its data and operations stop, and even paying does not guarantee the files are returned.
Regular backups are an effective defence because if the live files are encrypted, the company can restore its data from a recent, unaffected backup instead of paying the ransom, so the attacker loses their leverage. Backups should be kept disconnected so the ransomware cannot encrypt them too.
Markers reward the encrypt-and-demand-payment mechanism, the harm (lost access), and the backup point (restore instead of pay), ideally noting offline backups.
Related dot points
- Understand the main cyber security threats, including the difference between vulnerabilities and attacks, and forms such as brute-force and denial-of-service attacks.
A focused answer to AQA GCSE Computer Science 3.6, covering the main cyber security threats, the difference between vulnerabilities and attacks, and forms such as brute-force and denial-of-service attacks.
- Understand social engineering, including phishing, shouldering and pretexting, and why people are often the weakest point in security.
A focused answer to AQA GCSE Computer Science 3.6, covering social engineering, including phishing, shouldering and pretexting, and why people are often the weakest point in security.
- Understand the methods used to detect and prevent cyber security threats, including penetration testing, anti-malware, firewalls, user access levels, passwords and encryption.
A focused answer to AQA GCSE Computer Science 3.6, covering the methods used to detect and prevent cyber security threats, including penetration testing, anti-malware, firewalls, user access levels, passwords and encryption.
- Understand the role of the operating system and its functions, and the purpose of common utility software.
A focused answer to AQA GCSE Computer Science 3.4.6, covering the role and functions of the operating system and the purpose of common utility software.
Sources & how we know this
- AQA GCSE Computer Science (8525) specification — AQA (2020)