AlegsaOnline.com

Malware: definition, common types, history, prevention, and key distinctions

Comprehensive overview of malware: what it is, main types (viruses, trojans, spyware, ransomware), a brief history, detection and removal approaches, and how it differs from software bugs.

Author: Leandro Alegsa Creation date: November 13, 2022 Last updated: May 24, 2026

en.wikipedia.org · Public domain

Malware, short for malicious software, is any program deliberately created to harm, exploit, or evade the control of users and computer systems. It encompasses a broad set of hostile tools and techniques used to steal data, disrupt services, gain unauthorized access, or hold systems hostage. The general concept of malicious programs and their effects is discussed widely under the label malicious software, but the term strictly applies to software built with harmful intent rather than unintended defects.

Common types and typical behavior

Viruses — code that attaches to other programs or files and spreads when those hosts are executed. See more on viruses.
Worms — self-replicating programs that propagate across networks without needing to modify host files.
Trojan horses — software masquerading as legitimate applications that perform hidden malicious actions; often delivered by deceptive downloads or attachments. Related information: Trojan horses.
Spyware and keyloggers — tools that collect keystrokes, screen contents, or usage patterns to harvest credentials and personal data. See spyware.
Ransomware — software that encrypts files or otherwise denies access until a ransom is paid; a major vector for extortion. More on ransomware.
Rootkits and bootkits — low-level code that hides the presence of other malware and resists detection.
Botnets — collections of compromised devices controlled remotely for spam, distributed denial-of-service, or other campaigns.

Many varieties combine features: a Trojan may install a backdoor and then add the host to a botnet, or a worm may drop ransomware. Common characteristics include stealth, persistence (surviving reboots), evasion of security tools, and mechanisms for remote control or data exfiltration.

Malware has evolved alongside computing. Early experimental viruses and self-replicating code appeared in academic environments and hobbyist systems decades ago; by the 1980s and 1990s such programs became more widespread. High-profile incidents and the commercialization of the Internet accelerated development of organized criminal uses, professionalized toolkits, and nation-state capabilities. Over time delivery methods shifted from floppy disks and email attachments to web drive-by downloads, malicious advertising, social engineering, and supply-chain compromises.

Detection and prevention rely on layered defenses: signature-based scanners, heuristic and behavior analysis, network monitoring, timely operating system and application updates, and strong user practices (phishing awareness, least privilege, and backups). Security products and services—collectively described as computer security or anti-malware solutions—reduce risk but cannot guarantee complete protection. Removal can be difficult when malware embeds itself deeply or corrupts system components; in severe cases, rebuilding a system from known-clean backups is recommended.

It is important to distinguish deliberate malware from unintentional flaws. Software that causes harm due to coding errors or misconfiguration is generally categorized as a bug rather than malware. Legal definitions and forensic analysis focus on intent, capability, and observable behavior when classifying an incident. Understanding these differences matters for incident response, disclosure, and law enforcement.

Current trends include targeted extortion, supply-chain attacks, the growth of mobile and Internet-of-Things threats, and increasingly sophisticated evasion techniques. For individuals and organizations, maintaining layered defenses, regular backups, and a practiced incident response plan remain the most reliable ways to limit damage and recover when compromises occur.

Malware statistics 2011. Trojan horses accounted for the largest share at that time.

Circulation

In 2008, security companies such as F-Secure expected "one million new malware programs". According to this, around 25,000 new malware programs - so-called unique samples, i.e. malware with a unique "fingerprint" according to MD5 - reach specially set-up servers, e.g. honeypots, every day. In contrast, AV-Test was able to count ten million new malware programs in 2008 as early as mid-April 2008. A strong change in the spreading of malware can be seen: Trojan horses in e-mail file attachments are becoming increasingly rare, while attacks via the web, for example by means of drive-by download, are on the increase. In addition, the use of rootkit techniques to hide the malware is becoming more common. According to the Californian malware specialist Kindsight Security, an average of 13% of private computers in Germany were infected by malware in 2012. According to a 2014 security study by <kes> magazine and Microsoft, "infection by malware" has moved up to first place among threats to corporate IT. It has thus displaced "employee error and negligence" to second place. Seventy-four percent of study participants said they had been affected by malware incidents in the last two years. In the companies surveyed, e-mail was at the top of the list of infection paths. This is followed by web content that distributes malware via active content or "drive-by downloads".

Motivation

In 2006, a study looking at the motivations of malware developers came to the five primary conclusions:

Greed: Attacks are carried out in order to achieve a personal, material gain from them.
Curiosity: Attacks are carried out to satisfy personal curiosity.
Espionage: Attacks are carried out in order to obtain specific information.
Retaliation: Attacks are carried out to cause targeted damage and to satisfy personal emotions.
Conspiracy: Attacks are carried out to throw any pursuers off the scent.

A further component has now been added in the form of so-called cyber warfare, which goes far beyond simple espionage. A well-known example of sabotage by intelligence agencies was the network worm Stuxnet, which became known in 2010. This govware was used to manipulate Iranian nuclear facilities.

Questions and Answers

Q: What does malware stand for?

A: Malware stands for malicious software.

Q: What are the different types of malware?

A: The different types of malware are viruses, Trojan horses, spyware and ransomware.

Q: What can malware do to a computer?

A: Malware can steal passwords, delete files, collect personal information, or even stop a computer from working at all.

Q: How can computer security or anti-malware software help prevent malware from installing itself?

A: Computer security or anti-malware software can help prevent malware from installing itself by detecting and blocking it before it can do any harm.

Q: What happens when security software is not installed?

A: When security software is not installed, malware can easily get into the computer and cause damage.

Q: Is it easy to get rid of malware?

A: No, getting rid of malware can be difficult, even when using programs designed to remove it.

Q: Does unintended harm due to software bugs count as malware?

A: No, the term "malware" only refers to software that is intentionally designed to cause harm and works against users' expectations. Applications that may do unintended harm due to software bugs are not considered malware.

Author

AlegsaOnline.com - Malware - Leandro Alegsa

Creation date: November 13, 2022
Last updated: May 24, 2026

URL: https://en.alegsaonline.com/art/61107

Bibliographic references

theregister.co.uk : "The 30-year-old prank that became the first computer virus"
history-computer.com : "First computer virus of Bob Thomas"
washingtonpost.com : "How a grad student trying to build the first botnet brought the Internet to its knees"
pcworld.com : "Tech Talk: Where'd it Come From, Anyway?"
census.gov : "Computer and Internet Use in the United States"
microsoft.com : "The Evolution of Malware and the Threat Landscape – a 10-Year review"
mediacenter.pandasecurity.com : "Annual Report PandaLabs 2013 Summary"
blog.malwarebytes.org : "Cryptolocker Ransomware: What You Need To Know"
f-secure.com : "Virus: DOS/CIH"
securelist.com : "Keyloggers: How they work and how to detect them (Part 1)"
spectrum.ieee.org : "The Real Story of Stuxnet"
forbes.com : "Evidence Mounts That Chinese Government Hackers Spread Android Malware"
combofix.org : "How Malware Attacks And Spreads In Your Computer"
blogs.mcafee.com : "What is a "Drive-By" Download?"
infoworld.com : "Security pros slam Cnet Download.com's bundling"