Software Engineering; Security


Malware, or malicious software, is a form of software designed to disrupt a computer or to take advantage of computer users. Creating and distributing malware is a form of cybercrime. Criminals have frequently used malware to conduct digital extortion.



Malware, or malicious software, is a name given to any software program or computer code that is used for malicious, criminal, or unauthorized purposes. While there are many different types of malware, all malware acts against the interests of the computer user, either by damaging the user's computer or extorting payment from the user. Most malware is made and spread for the purposes of extortion. Other malware programs destroy or compromise a user's data. In some cases, government defense agencies have developed and used malware. One example is the 2010 STUXNET virus, which attacked digital systems and damaged physical equipment operated by enemy states or organizations. The earliest forms of malware were viruses and worms. A virus is a self-replicating computer program that attaches itself to another program or file. It is transferred between computers when the infected file is sent to another computer. A worm is similar to a virus, but it can replicate itself and send itself to another networked computer without being attached to another file. The first viruses and worms were experimental programs created by computer hobbyists in the 1980s. As soon as they were created, computer engineers began working on the first antivirus programs to remove viruses and worms from infected computers.

Public knowledge about malware expanded rapidly in the late 1990s and early 2000s due to several well-publicized computer viruses. These included the Happy99 worm in 1999 and the ILOVEYOU worm in May 2000, the latter of which infected nearly 50 million computers within ten days. According to research from the antivirus company Symantec in 2015, more than 317 million new malware programs were created in 2014. Yet despite public awareness of malware, many large organizations are less careful than they should be. In a 2015 study of seventy major companies worldwide, Verizon reported that almost 90 percent of data breaches in 2014 exploited known vulnerabilities that were reported in 2002 but had not yet been patched.

Malware consists of any software designed to cause harm to a device, steal information, corrupt data, confiscate or overwhelm the processor, or delete files.

Malware consists of any software designed to cause harm to a device, steal information, corrupt data, confiscate or overwhelm the processor, or delete files. Examples of malware include adware, viruses, worms, Trojans, spam, and zombies.
EBSCO illustration.

One of the most familiar types of malware is adware. This refers to programs that create and display unwanted advertisements to users, often in pop-ups or unclosable windows. Adware may be legal or illegal, depending on how the programs are used. Some Internet browsers use adware programs that analyze a user's shopping or web browsing history in order to present targeted advertisements. A 2014 survey by Google and the University of California, Berkeley, showed that more than five million computers in the United States were infected by adware.

Another type of malware is known as spyware. This is a program that is installed on a user's computer to track the user's activity or provide a third party with access to the computer system. Spyware programs can also be legal. Many can be unwittingly downloaded by users who visit certain sites or attempt to download other files.

One of the more common types of malware is scareware. Scareware tries to convince users that their computer has been infected by a virus or has experienced another technical issue. Users are then prompted to purchase “antivirus” or “computer cleaning” software to fix the problem.

Although ransomware dates back as far as 1989, it gained new popularity in the 2010s. Ransomware is a type of malware that encrypts or blocks access to certain features of a computer or programs. Users with infected computers are then asked to pay a ransom to have the encryption removed.


Combating malware is difficult for various reasons. Launching malware attacks internationally makes it difficult for police or national security agencies to target those responsible. Cybercriminals may also use zombie computers to distribute malware. Zombie computers are computers that have been infected with a virus without the owner's knowledge. Cybercriminals may use hundreds of zombie computers simultaneously. Investigators may therefore trace malware to a computer only to find that it is a zombie distributor and that there are no links to the program's originator. While malware is most common on personal computers, there are a number of malware programs that can be distributed through tablets and smartphones.

—Micah L. Issitt

Bradley, Tony. “Experts Pick the Top 5 Security Threats for 2015.” PCWorld. IDG Consumer & SMB, 14 Jan. 2015. Web. 12 Mar. 2016.

Brandom, Russell. “Google Survey Finds More than Five Million Users Infected with Adware.” The Verge. Vox Media, 6 May 2015. Web. 12 Mar. 2016.

Franceschi-Bicchierai, Lorenzo. “Love Bug: The Virus That Hit 50 Million People Turns 15.” Motherboard. Vice Media, 4 May 2015. Web. 16 Mar. 2016.

Gallagher, Sean. “‘Locky’ Crypto-Ransomware Rides In on Malicious Word Document Macro.” Ars Technica. Condé Nast, 17 Feb. 2016. Web. 16 Mar. 2016.

Harrison, Virginia, and Jose Pagliery. “Nearly 1 Million New Malware Threats Released Every Day.” CNNMoney. Cable News Network, 14 Apr. 2015. Web. 16 Mar. 2016.

Spence, Ewan. “New Android Malware Strikes at Millions of Smartphones.” Forbes., 4 Feb. 2015. Web. 11 Mar. 2016.

“Spyware.” Secure Purdue. Purdue U, 2010. Web. 11 Mar 2016.