Malware, short for malicious software, consists of programming (code, scripts, active content, and other software) that is designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, or gain unauthorized access to system resources, or that otherwise exhibits abusive behavior. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.
Software is considered to be malware based on the perceived intent of the creator rather than any particular features. Malware includes computer viruses, worms, trojan horses, spyware, dishonest adware, scareware, crimeware, most rootkits, and other malicious and unwanted software or program. In law, malware is sometimes known as a computer contaminant, for instance in the legal codes of several U.S. states, including California and West Virginia.
Preliminary results from Symantec published in 2008 suggested that "the release rate of malicious code and other unwanted programs may be exceeding that of legitimate software applications." According to F-Secure, "As much malware [was] produced in 2007 as in the previous 20 years altogether." Malware's most common pathway from criminals to users is through the Internet: primarily by e-mail and the World Wide Web.
The prevalence of malware as a vehicle for organized Internet crime, along with the general inability of traditional anti-malware protection platforms (products) to protect against the continuous stream of unique and newly produced malware, has seen the adoption of a new mindset for businesses operating on the Internet: the acknowledgment that some sizable percentage of Internet customers will always be infected for some reason or another, and that they need to continue doing business with infected customers. The result is a greater emphasis on back-office systems designed to spot fraudulent activities associated with advanced malware operating on customers' computers.
On March 29, 2010, Symantec Corporation named Shaoxing, China, as the world's malware capital.
A 2011 study from the University of California, Berkeley, and the Madrid Institute for Advanced Studies published in Software Development Technologies, “Measuring Pay-per-Install: The Commoditization of Malware Distribution," examined how entrepreneurial hackers are helping enable the proliferation of malware by offering access for a price (from $7 to $180 per thousand infections) and make up an informal underground Pay-Per-Install (PPI) industry. The study's authors identified more than 57 malware “families," including spam bots, fake antivirus programs, information-stealing trojans, denial-of-service bots and adware. To avoid detection by anti-virus software, malware distributed by PPI services is on average repacked every 11 days, with one observed family of malware repacking up to twice a day. Although most common families of malware targeted both Europe and the United States, there were some families with a single-country focus and some families with no geographic bias. In terms of cost per thousand infections, the United States and Great Britain were at the high end ($100 to $180), other European countries at $20 to $160, and the rest of the world below $10, the study found.
Microsoft reported in May 2011 that every one in 14 downloads from the Internet may now contain malware code, according to the Wall Street Journal. Social media, and Facebook in particular, is seeing a rise in new tactics for spreading harm to computers.
Malware is not the same as defective software, that is, software that has a legitimate purpose but contains harmful bugs. Sometimes, malware is disguised as genuine software, and may come from an official site. Therefore, some security programs, such as McAfee may call malware "potentially unwanted programs" or "PUP". Though a computer virus is malware that can reproduce itself, the term is often used erroneously to refer to the entire category.
Many early infectious programs, including the first Internet Worm and a number of MS-DOS viruses, were written as experiments or pranks. They were generally intended to be harmless or merely annoying, rather than to cause serious damage to computer systems. In some cases, the perpetrator did not realize how much harm his or her creations would do. Young programmers learning about viruses and their techniques wrote them simply for practice, or to see how far they could spread. As late as 1999, widespread viruses such as the Melissa virus and the David virus appear to have been written chiefly as pranks. The first mobile phone virus, Cabir, appeared in 2004.
Hostile intent related to vandalism can be found in programs designed to cause harm or data loss. Many DOS viruses, and the Windows ExploreZip worm, were designed to destroy files on a hard disk, or to corrupt the file system by writing invalid data to them. Network-borne worms such as the 2001 Code Red worm or the Ramen worm fall into the same category. Designed to vandalize web pages, worms may seem like the online equivalent to graffiti tagging, with the author's alias or affinity group appearing everywhere the worm goes.
Since the rise of widespread broadband Internet access, malicious software has been designed for a profit (e.g. forced advertising). For instance, since 2003, the majority of widespread viruses and worms have been designed to take control of users' computers for black-market exploitation. Infected "zombie computers" are used to send email spam, to host contraband data such as child pornography, or to engage in distributed denial-of-service attacks as a form of extortion.
Another strictly for-profit category of malware has emerged in spyware -- programs designed to monitor users' web browsing, display unsolicited advertisements, or redirect affiliate marketing revenues to the spyware creator. Spyware programs do not spread like viruses; they are, in general, installed by exploiting security holes or are packaged with user-installed software, such as peer-to-peer applications.
The best-known types of malware, viruses and worms, are known for the manner in which they spread, rather than any other particular behavior. The term computer virus is used for a program that has infected some executable software and, when run, causes the virus to spread to other executables. Viruses may also contain a payload that performs other actions, often malicious. On the other hand, a worm is a program that actively transmits itself over a network to infect other computers. It too may carry a payload.
These definitions lead to the observation that a virus requires user intervention to spread, whereas a worm spreads itself automatically. Using this distinction, infections transmitted by email or Microsoft Word documents, which rely on the recipient opening a file or email to infect the system, would be classified as viruses rather than worms.
Some writers in the trade and popular press misunderstand this distinction and use the terms interchangeably.