Types of Malware: Virus, Worm, Trojan, Ransomware | AP Cybersecurity
Types of Malware Explained: Virus, Worm, Trojan, Ransomware & More
Malware is malicious software adversaries use to damage a device, steal data, or gain control. Topic 4.1 asks you to identify the type of malware from a scenario, so the exam tests whether you know each one by its defining behavior.
Contents
The malware types at a glance
Each type is defined by how it spreads or runs and what it does. The exam discriminates between them on exactly those traits, so this table is the fastest way to lock them in.
| Malware | How it spreads / runs | The tell |
|---|---|---|
| Virus | A user runs or opens a file | Needs a click |
| Worm | Spreads computer to computer on its own | No human interaction |
| Trojan / RAT | Hidden in software that seems harmless | A RAT adds remote access |
| Ransomware | Encrypts the device's files | Demands payment for the key |
| Spyware | Tracks a user's actions | Sends data back to the adversary |
| Keylogger | Logs keystrokes (software or hardware) | Captures usernames and passwords |
| Logic bomb | Triggers when conditions are met | e.g. a specific date |
| Rootkit | Embeds in the operating system | Hides itself from detection |
| Fileless | Lives in RAM, uses legitimate programs | No file to scan |
Malware spreads across an office network on its own, with no one clicking anything. Which type is it?
Reveal answer
A worm. The defining trait is spreading from computer to computer without human interaction, unlike a virus, which needs a user to run a file.
Needs a click = virus, spreads alone = worm, hides in real software = trojan, encrypts for payment = ransomware, hides in the OS = rootkit, lives in RAM = fileless.
Why the type matters
Each type points to a different defense and a different indicator. Most malware is one or more files that anti-malware software can scan for by signature. Fileless malware is the hard case: with no file to scan, behavior-based detection is needed instead.
Naming the type quickly tells a defender what to look for and how to respond, which is exactly the judgment the exam scenarios test.
Users suddenly cannot open their files and a screen demands payment for a decryption key. Which malware is this?
Reveal answer
Ransomware. It encrypts the device's files and demands payment within a time limit in exchange for the key.
WannaCry: a worm plus ransomware
The 2017 WannaCry outbreak combined a worm that spread across networks on its own with ransomware that encrypted files and demanded payment. It hit hospitals and businesses worldwide within hours.
Worm spread plus ransomware payload is a worst case.
Key Terms
| Virus | Malware that activates when a user runs or opens a file. |
| Worm | Malware that spreads computer to computer on its own. |
| Trojan | Malware hidden in software that seems harmless; a RAT adds remote control. |
| Ransomware | Malware that encrypts files and demands payment. |
| Rootkit | Malware that controls the OS and hides itself. |
Match It Up
Common Mistakes
Confusing viruses and worms
A virus needs a user to run a file; a worm spreads on its own.
Thinking a trojan announces itself
A trojan hides inside software that looks harmless; a RAT adds remote control.
Treating spyware and keyloggers as the same
A keylogger specifically records keystrokes; spyware is broader activity tracking.
Forgetting fileless malware
Fileless malware lives in RAM and uses legitimate programs, so file scanning may miss it.
Check for Understanding
Frequently Asked Questions
Get in Touch
Whether you're a student, parent, or teacher — I'd love to hear from you.
Just want free AP CS resources?
Enter your email below and check the subscribe box — no message needed. Students get daily practice questions and study tips. Teachers get curriculum resources and teaching strategies.
Message Sent!
Thanks for reaching out. I'll get back to you within 24 hours.
Prefer email? Reach me directly at [email protected]