Recognizing Malware

What is Malware and How Does it Work?

The term “malware” refers to harmful software that disrupts or manipulates an electronic device’s normal operation.1 Malware can infect personal computers, smartphones, tablets, servers and even equipment — basically any device with computing capabilities.

The first form of malware ever developed was the computer virus.2 As technology, computing and software have advanced during the last two decades, so have the sophistication and prevalence of malicious software.

How does malware work?

Malware typically infects a machine by tricking users into clicking on and/or installing a program from the Internet that they shouldn’t. When the click or installation occurs, the malicious code executes actions that the user doesn’t anticipate or intend, which could include:

Execution can be triggered by a number of user actions, but the most common trigger is a click, typically on a link or pop-up. The descriptions might say something provocative like, “Claim your prize” or “Your account has been compromised. Please log in and verify recent charges.” Many times, a pop-up will be displayed immediately after clicking the link, such as, “Your system is infected! Click here to run a scan.” The next click often triggers the download of a malicious payload, even if the user doesn’t select one of the options and instead tries to close the program using the corner X.

Malware can also be disguised as a program or app that claims to convert PDFs, unzip files, find product discounts or provide caller ID functionality on a smartphone. But once the program is downloaded, it begins making unauthorized changes on the system: monitoring user behavior, displaying pop-ups, changing search engine results, adding icons to a desktop or redirecting popular sites.

Malware types

Malware can be delivered in several different forms, depending on the intention of the person who developed it.


Ransomware is a relatively new form of malware that locks a user’s computer and then demands a ransom payment to restore access. Ransomware can be delivered to a computer if a user clicks on a link that contains malware.4

Similar to certain email phishing scams, this form of malware relies on fear—that is, the fear that a user has engaged in illegal activity online. By posing as a law enforcement agency, a ransomware purveyor can intimidate and coerce a user while seeming legitimate.

In other instances, ransomware will simply lock down a user’s entire machine, including important files and programs, and demand a payment. Ransomware may not only withhold access to a machine, but also threaten to delete files unless payment is made.

Protecting your devices from malware

Given the prevalence of malware (especially among apps) in recent years, anti-malware software has become common, and most new computers and mobile devices are bundled with device security and/or anti-malware software at the time of purchase. As malware and viruses most commonly infect PCs, you should be sure your Windows machine has the following:

Beyond these measures, be sure that you avoid downloading apps or programs from suspicious or unknown websites. Likewise, don’t click suspicious ads or pop-up ads. Finally, treat emails that request sensitive information with caution, even if they appear to be from a familiar source.

For more information on protecting against malware across different devices, see our Device Security Checklist.
