Malware, short for malicious software, (sometimes referred to as pestware) is a software designed to secretly access a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.
Software is considered to be malware based on the perceived intent of the creator rather than any particular features. Malware includes computer viruses,worms, trojan horses, spyware, dishonest adware, scareware, crimeware, most rootkits, and other malicious and unwanted software or program. In law, malware is sometimes known as a computer contaminant.
According to F-Secure, "As much malware was produced in 2007 as in the previous 20 years altogether." Malware's most common pathway from criminals to users is through the Internet primarily by e-mail and the World Wide Web.
The prevalence of malware as a vehicle for organized Internet crime, along with the general inability of traditional anti-malware protection platforms (products) to protect against the continuous stream of unique and newly produced malware, has seen the adoption of a new mindset for businesses operating on the Internet: the acknowledgment that some sizable percentage of Internet customers will always be infected for some reason or another, and that they need to continue doing business with infected customers. The result is a greater emphasis on back-office systems designed to spot fraudulent activities associated with advanced malware operating on customers' computers.
Malware is not the same as defective software, that is, software that has a legitimate purpose but contains harmful bugs. Sometimes, malware is disguised as genuine software, and may come from an official site. Therefore, some security programs, such as McAfee may call malware "potentially unwanted programs" or "PUP". Though a computer viruses is malware that can reproduce itself, the term is often used to refer to the entire category.
As one'Z conclusion, we must protecting information resources that a threat will impact an information resource and control the impact of threats.