Malicious software People and computers are very different from one another. There's one way that we're alike. You know how? We're both  vulnerable to getting an infection. While humans can be infected by a virus  that causes a cold or flu, computers can be infected by malware.  Malware is software designed to harm devices or networks. Malware, which is short for malicious software, can be spread in many ways. For example, it can be  spread through an infected USB drive. Or also commonly spread between computers online.  Devices and systems that are connected to  the internet are especially vulnerable to infection. When a device becomes infected,  malware interferes with its normal operations. Attackers use malware to take control of  the infected system without  the user's knowledge or permission. Malware has been a threat to people and  organizations for a long time. Attackers have created many different strains of malware. They all vary in how they're spread.  Five of the most common types of malware are a virus,  worm, trojan, ransomware, and spyware. Let's take a look at how each of them work.  A virus is malicious code written to interfere with  computer operations and cause  damage to data and software. Viruses typically hide inside of trusted applications. When the infected program is launched, the virus clones itself and  spreads to other files on the device. An important characteristic of  viruses is that they have to  be activated by the user to start the infection.  The next kind of malware doesn't have this limitation. A worm is malware that can  duplicate and spread itself across systems on its own. While viruses require users to perform  an action like opening a file to duplicate, worms use an infected device as a host. They scan the connected network for other devices. Worms then infect everything on the network  without requiring an action to trigger the spread.  Viruses and worms are delivered through  phishing emails and other methods  before they infect a device. Making sure you click links only from  trusted sources is one way  to avoid these types of infection. However, attackers have designed  another form of malware that  can get past this precaution.  A trojan, or Trojan horse,  is malware that looks like a legitimate file or program. The name is a reference to  an ancient Greek legend that's set in the city of Troy. In Troy, a group of soldiers hid inside  a giant wooden horse that was  presented as a gift to their enemies. It was accepted and brought inside the city walls. Later that evening, the soldiers inside  of the horse climbed out and attacked the city. Like this ancient tale,  attackers design trojans to appear harmless. This type of malware is typically disguised as files or  useful applications to trick  their target into installing them.  Attackers often use trojans to gain access and  install another kind of malware called ransomware. Ransomware is a type of malicious attack where attackers  encrypt an organization's data and  demand payment to restore access. These kind of attacks have become very common these days. A unique feature of  ransomware attacks is that they  make themselves known to their targets. Without doing this, they  couldn't collect the money they demand. Normally, they decrypt the hidden data  as soon as the sum of money is paid. Unfortunately, there's no guarantee  they won't return to demand more.  The last type of malware I want to mention is spyware. Spyware is malware that's used to  gather and sell information without consent. Consent is a keyword in this case.  Organizations also  collect information about their customers,  like their browsing habits and purchase history. However, they always give  their customers the ability to opt out. Cybercriminals, on the other hand, use spyware to steal information.  They use spyware attacks to  collect data like login credentials,  account PINs, and other types of  sensitive information for their own personal gain.  There are many other types of malware besides  these and new forms are always evolving. They all pose a serious risk  to individuals and organizations. Next time, we'll explore how  security teams detect and remove these kinds of threats.