If you're seeing this message, it means we're having trouble loading external resources on our website.

If you're behind a web filter, please make sure that the domains *.kastatic.org and *.kasandbox.org are unblocked.

Main content

Computer malware

Malware is malicious software that's unknowingly installed onto a computer. Once installed, malware often tries to steal personal data or make money off of the user. Fortunately, there are multiple ways that users can protect their computing devices and networks.

Types of malware

Malware can take many forms:
A trojan horse is a harmful program that masquerades as a legitimate program, and is often downloaded onto computers by unknowing users. Once the user runs the program, it can start inflicting its damage.
A virus is self-replicating: it contains code that copies itself into other files on the system. Viruses may hide in the code of a legitimate program.
A worm is also self-replicating, but it copies itself into entirely different computers within the network. It can travel along networked protocols such as email, file sharing, or instant messaging. Many worms don't take any harmful action besides replicate themselves, but even those worms can disrupt a network by hogging bandwidth.
The most dangerous malware uses all three techniques, such as the ILOVEYOU worm that infected over 10 million personal Windows computers in the year 2000. Here's how it worked:
  • The trojan phase: First, a user opens an email with subject line ILOVEYOU in the email application Outlook. They excitedly discover a love letter for them and download the attachment. However, the "love letter" is actually an executable program.
  • The virus phase: The program searches for files on the operating system with certain extensions (such as JPG) and overwrites them with a copy of itself.
  • The worm phase: The program sends an email with the "love letter" to every contact in the Outlook address book. The cycle begins again!
The ILOVEYOU worm is estimated to have cost $5 to $15 billion in terms of removal, recovery, and lost productivity. It also led to new legislation in the Philippines (the home of the worm creators) that makes it illegal to unleash such destructive malware on the world. 1

The effects of malware

Once malware gets onto a computer, it can cause damage in multiple ways.
Spyware steals data and sends it back to the malware creators. A common form of spyware are keyloggers, programs that monitor everything a user types including, of course, their many passwords.
🔍 You can try out a simulated keylogger below. This one isn't sending any data to a server like a real keylogger would, but even so, it's better to not type in any real information.
Adware pops up advertisements to users. The ads either earn money for the malware creators or urge users to download other forms of malware.
Ransomware holds a computer hostage by encrypting user data or blocking access to applications, and it demands the user pay a ransom to the anonymous malware creators.
In 2017, the WannaCry computer worm spread through nearly 200,000 computers across 150 countries. The malware encrypted user data and only decrypted the data if the user paid $300 in Bitcoin to the creators. 2
A screenshot of the WannaCry ransom message
Cryptomining malware utilizes a computer's resources to mine for cryptocurrency. That allows the creators to earn cryptocurrency without needing to spend money on powering their own computers.


Attackers are constantly finding new ways to compromise systems. Fortunately, at the same time, security engineers are coming up with protection mechanisms.
A security patch is an update to the code of an application or the entire operating system, and often fixes a bug that's been exploited by malware. Computers, including mobile phones and hardware devices, should always keep up to date with security patches to reduce the risk of malware.
A firewall is a system that monitors incoming and outgoing network traffic to a computer or internal network, and determines what traffic to allow. Firewalls can do automated detection of suspicious traffic and can also be configured manually. Firewalls cannot identify and block all malware, but they are a useful line of defense for what they can identify.
Antivirus software protects an individual computer by constantly scanning files and identifying malware. Once an antivirus program finds a piece of malware, it can guide the user through deleting or repairing the file to be safe again. Of course, new kinds of malware are invented all the time, so antivirus programs must constantly update their list of known malware.
🙋🏽🙋🏻‍♀️🙋🏿‍♂️Do you have any questions about this topic? We'd love to answer—just ask in the questions area below!

Want to join the conversation?