100% Free Forever
AI-Powered Learning
Industry Expert Content
Certificates & Badges
Learn At Your Own Pace
Cybersecurity

Malware

BeginnerConcept10.6K learners

Malware, short for malicious software, is any program or code intentionally designed to damage, disrupt, gain unauthorized access to, or otherwise harm a computer system, network, or its users.

Definition

Malware, short for malicious software, is any program or code intentionally designed to damage, disrupt, gain unauthorized access to, or otherwise harm a computer system, network, or its users.

Overview

Malware is an umbrella term covering many distinct categories of malicious software, each with different goals and behaviors. Viruses attach themselves to legitimate programs and spread when the infected program runs. Worms self-replicate and spread across networks without needing a host program or user action. Trojans disguise themselves as legitimate software to trick users into installing them. Spyware covertly monitors user activity, while a Rootkit hides its own presence and that of other malware deep within a system, and a Botnet is a network of malware-infected devices controlled remotely by an attacker. Ransomware, one of the most financially damaging malware categories today, encrypts victim data and demands payment for its release. Malware typically gains initial access to a system through Phishing emails, exploitation of unpatched software vulnerabilities, malicious downloads, or infected removable media, then executes its payload — which might steal data, provide the attacker remote access, encrypt files, or recruit the device into a botnet. Defending against malware involves multiple overlapping layers: traditional antivirus and modern Endpoint Detection and Response (EDR) tools to detect and block malicious code, network security controls like firewalls to limit how malware can communicate with attacker infrastructure, regular patching to close the vulnerabilities malware commonly exploits, and user training to reduce successful phishing-based delivery. Modern malware increasingly uses techniques specifically designed to evade detection — obfuscating its code, using legitimate system tools instead of dropping obviously malicious files ("living off the land"), or communicating with attacker infrastructure through encrypted, seemingly normal-looking traffic — which is a major reason security teams increasingly rely on behavior-based detection and proactive Threat Hunting rather than signature matching alone.

Key Concepts

  • Umbrella term covering viruses, worms, trojans, spyware, rootkits, and more
  • Delivered through phishing, exploited vulnerabilities, or malicious downloads
  • Payloads range from data theft to remote access to file encryption
  • Modern malware increasingly uses evasion techniques to avoid detection
  • Defended through layered controls: EDR, firewalls, patching, and training
  • Ransomware and botnets represent particularly damaging malware categories
  • Detection is shifting from signature matching toward behavior-based analysis

Use Cases

Classifying and understanding different categories of malicious software
Informing endpoint security and antivirus/EDR tool selection
Shaping network segmentation to limit malware's ability to spread
Guiding patch management priorities to close commonly exploited vulnerabilities
Investigating the payload and behavior of malware found during incident response
Designing user training to reduce malware delivered via phishing

Frequently Asked Questions