Topic

3.6.2.2 Malware

GCSE Computer Science AQA

This resource focuses on 3.6.2.2 Malware in AQA GCSE Computer Science. It is the part of the cyber security content where students need to define malware, recognise the main forms named in the specification, and explain sensible protection methods. It is a small specification point, but it often appears in questions that reward precise vocabulary rather than vague "bad software" explanations.

Teachers usually find that students can spot the word virus quickly, but then start calling everything a virus by period 3 on a Friday. This page keeps the scope tight to what AQA expects, so you can teach the differences clearly, spot misconceptions fast, and mark answers consistently.


At a Glance

🧭 - Specification context: AQA GCSE Computer Science, section 3.6.2.2 Malicious code (malware)

  • Students must know: the definition of malware, how malware can be prevented, and the differences between a virus, trojan, and spyware

  • Typical exam focus: clear definitions, correct identification of malware types, and practical protection methods

  • Common challenge: students often treat all malware as a virus or confuse a trojan with a virus because both can install harmful code


Understanding the Topic

What the specification is asking for

  • Students need a secure definition of malware as software designed to harm, disrupt, access, or exploit a computer system.
  • Students must be able to describe how malware is protected against, not just name examples.
  • Students must describe these three forms named by AQA:
    • Computer virus
    • Trojan
    • Spyware

The three malware types in scope

  • Computer virus
    • Attaches itself to files or programs.
    • Spreads when the infected file is opened, copied, or shared.
    • Often corrupts data, damages files, or slows systems down.
  • Trojan
    • Appears to be legitimate or useful software.
    • Tricks the user into installing it.
    • Does not need to self-replicate to be harmful.
  • Spyware
    • Secretly monitors activity.
    • Can record keystrokes, browsing habits, or login details.
    • Is designed to gather information without the user's knowledge.

Protection methods teachers should keep in scope

  • Install and update anti-malware or antivirus software.
  • Keep operating systems and software patched and up to date.
  • Avoid downloading files from untrusted sources.
  • Be cautious with email attachments, pop-ups, and unexpected links.
  • Use permissions and access controls sensibly so users do not install software carelessly.

💡 Teaching tip: keep asking, "How does it get in?" and "What does it do once it is there?" That usually helps students separate viruses, trojans, and spyware far more quickly than memorising three isolated definitions.


Key Terms and Concepts

Term Explanation
Malware An umbrella term for malicious software designed to harm, disrupt, spy on, or gain unauthorised access to systems.
Computer virus A type of malware that attaches to files or programs and spreads when those files are used or shared.
Trojan Malware disguised as legitimate software so that a user installs it willingly.
Spyware Malware that secretly monitors user activity or collects personal data.
Infection The successful installation or activation of malware on a device.
Patch A software update that fixes weaknesses, including security vulnerabilities.
Anti-malware Software designed to detect, block, quarantine, or remove malicious software.

How to Teach This Topic

Classroom moves

  • Start with three short scenarios and ask students to classify them as virus, trojan, or spyware.
  • Use a sorting activity with how it spreads, what it looks like, and what damage it causes.
  • Model precise sentence stems:
    • A virus is...
    • A trojan differs because...
    • Spyware is used to...
  • Revisit the topic through mini retrieval quizzes because the terminology is easy to blur.

Discussion prompts

  • Why is a trojan not just "a virus with a different name"?
  • Which type of malware is most focused on data collection rather than file damage?
  • Why do software updates reduce malware risk?
  • Why is human behaviour often part of the security problem?

Scaffolding ideas

  • Give weaker students a comparison grid with the headings disguise, self-spreading, main purpose, and example effect.
  • Ask students to underline command words in exam questions such as define, describe, and explain before answering.
  • Use dual coding:
    • a warning email for trojan
    • an infected file for virus
    • a hidden tracker for spyware

Extension activities

  • Ask students to rank protection methods from most preventative to most reactive and justify their order.
  • Set a short evaluation question on why user training matters even when anti-malware software is installed.
  • Challenge students to improve a weak exam answer by adding missing technical vocabulary.

🧑‍🏫 Helpful reminder: if students keep writing "malware is a virus", pause and reteach the umbrella term. That one correction fixes a surprising number of later marks.


How to Mark This Topic Effectively

What strong answers usually contain

  • A clear definition of malware as malicious software.
  • Correct distinctions between virus, trojan, and spyware.
  • At least one relevant protection method that is explained, not just named.
  • Accurate technical vocabulary such as infects, disguised, monitors, collects data, and updates.

What weaker answers usually do

  • Call every form of malware a virus.
  • Describe a trojan as self-spreading when the answer really means a virus.
  • Give vague protection advice such as "be careful online" without any specific method.
  • Confuse spyware with general spying by a person rather than software collecting data.
Feature Stronger response Weaker response
Definition Defines malware precisely as malicious software. Says only "it is bad" or "it is hacking".
Virus Explains infection and spreading through files or programs. Uses the word without explaining how it works.
Trojan Explains disguise as legitimate software. Claims it automatically spreads between computers.
Spyware Explains monitoring or data collection. Describes it only as "watching you" with no technical detail.
Protection Links protection to updates, scanning, trusted downloads, or cautious email use. Gives generic advice with no clear cyber security method.

Marking guidance: reward specificity. If a student distinguishes the malware types clearly and explains one or two sensible protection methods accurately, the response is moving into stronger territory even if the wording is not textbook-perfect.


Example Student Responses

Example question

6 marks: Describe what malware is and explain the difference between a computer virus, a trojan, and spyware. Suggest one way a user can protect a computer from malware.

Marking guidelines

  • 1-2 marks: basic awareness of malware with limited detail
  • 3-4 marks: some accurate description of at least two malware types and a simple protection method
  • 5-6 marks: clear definition, accurate distinctions between all three malware types, and a relevant protection method explained clearly
Strong response

The student writes:

Malware is malicious software that is designed to damage a system, disrupt its operation, or gain unauthorised access to data. A virus attaches itself to a file or program and can spread when the file is opened or shared. A trojan looks like genuine software and tricks the user into installing it, but it is actually harmful. Spyware runs secretly and collects information such as login details or browsing activity. One way to protect against malware is to keep anti-malware software updated so it can detect and remove threats.

Why this scores highly

  • Defines malware accurately.
  • Distinguishes all three named forms clearly.
  • Explains each form rather than just listing names.
  • Gives a relevant protection method and explains why it helps.

Likely mark

  • 6/6
Weak response

The student writes:

Malware is a virus that hacks your computer. A trojan is a virus and spyware is when someone spies on you. You can stop malware by being careful.

Why this stays limited

  • Confuses malware with virus.
  • Does not explain that a trojan is disguised as legitimate software.
  • Describes spyware too vaguely.
  • Gives a protection method that is too general to reward strongly.

Likely mark

  • 2/6

Practice Questions

  1. 2 marks: Define the term malware.
    • Marking guidance: award both marks for a clear definition that recognises malware as malicious or harmful software.
  2. 4 marks: Describe two ways a user can reduce the risk of malware infection.
    • Marking guidance: reward named methods plus brief explanation, such as updating software, using anti-malware tools, or avoiding suspicious downloads.
  3. 4 marks: Explain why a trojan is different from a computer virus.
    • Marking guidance: strong answers explain disguise versus infection and spreading.
  4. 6 marks: Describe the difference between a virus, a trojan, and spyware.
    • Marking guidance: reward three distinct descriptions with accurate technical language.
  5. 6 marks: A student downloads a "free game patch" from an unknown website and later notices files are corrupted and login details have been stolen. Explain which forms of malware may be involved and how the risk could have been reduced.
    • Marking guidance: reward application of knowledge, not just memorised definitions.

📝 Exam technique tip: when students see describe the difference, they need comparison points. One-sentence labels are rarely enough once the mark tariff rises.


Common Misconceptions

What students often say

  • "Malware means virus."
  • "A trojan spreads itself like a virus."
  • "Spyware just means a hacker is watching your screen."
  • "Protection means do not use the internet."

Quick corrections to use

  • Malware is the umbrella term. A virus is one type.
  • A trojan is mainly about disguise, not self-replication.
  • Spyware is software that collects data secretly.
  • Protection is about specific measures such as updates, scanning, and trusted downloads.

FAQ

How much detail do students need for each malware type?

They need enough detail to distinguish the named types clearly. A short, accurate description is better than a long vague paragraph.

Should I teach malware beyond virus, trojan, and spyware?

You can mention wider examples for context, but keep assessment practice tightly focused on the three forms named in the AQA specification.

What is the most common exam weakness on this topic?

Students often use everyday language instead of technical vocabulary. They know something is harmful, but do not explain how it infects, disguises itself, or gathers data.

How can I make the differences stick?

Use repeated comparison rather than separate definitions. The question "How does it get in and what does it do?" works very well.

Should protection methods be taught separately from the malware types?

Teach them together. Students answer better when each malware example is linked immediately to sensible prevention.


Make marking this easier on yourself

🚀 Marking.ai helps teachers mark faster, stay consistent, and give clearer feedback on exam-style responses. It is especially useful once students start writing longer extended answers and you want feedback that is quick, accurate, and easy to act on.