Computing · Secondary 3

Active learning ideas

Malware: Viruses, Worms, and Trojans

Active learning helps students grasp malware mechanics because the abstract concepts of self-replicating code and social engineering become concrete through hands-on modeling. Our activities let students observe propagation, make predictions, and test defenses, turning passive reading into active problem-solving that sticks.

MOE Syllabus OutcomesMOE: Cybersecurity - S3
30–45 minPairs → Whole Class4 activities

Activity 01

Outdoor Investigation Session35 min · Pairs

Simulation Lab: Malware Spread Models

Provide diagrams of networks; pairs label virus, worm, and Trojan paths with markers. Step 1: Simulate virus by passing 'infected' files between devices. Step 2: Model worm autonomous spread across all nodes. Step 3: Discuss Trojan user-triggered entry.

Compare the propagation methods of viruses, worms, and Trojan horses.

Facilitation TipDuring the Simulation Lab, circulate to ask guiding questions that connect propagation speed to network topology, not just results.

What to look forPresent students with three short scenarios describing how a computer became infected. Ask them to identify the type of malware (virus, worm, or Trojan) in each scenario and briefly explain their reasoning.

RememberUnderstandAnalyzeSocial AwarenessSelf-AwarenessDecision-Making
Generate Complete Lesson

Activity 02

Outdoor Investigation Session45 min · Small Groups

Case Study Dissection: Real Infections

Distribute anonymized case reports on famous malware. Small groups identify type, propagation, compromise method, and consequences in 10 minutes. Groups present findings to class for comparison.

Explain how malware can compromise a computer system.

Facilitation TipFor the Case Study Dissection, assign roles so each student analyzes one infection type, ensuring all perspectives are covered in the final discussion.

What to look forPose the question: 'If a worm can spread automatically across a network, why are viruses still a significant threat?' Facilitate a class discussion where students compare the reliance on user action for viruses versus the self-propagation of worms.

RememberUnderstandAnalyzeSocial AwarenessSelf-AwarenessDecision-Making
Generate Complete Lesson

Activity 03

Outdoor Investigation Session30 min · Whole Class

Prediction Challenge: Infection Scenarios

Present hypothetical scenarios like email attachments or USB drives. Whole class votes on malware type and outcomes, then debates predictions using evidence from prior lessons.

Predict the potential consequences of a malware infection.

Facilitation TipIn the Prediction Challenge, require students to include a specific vulnerability (e.g., open port 445) in their scenarios to focus on technical causes.

What to look forOn an index card, have students write one sentence explaining how a Trojan horse deceives a user and one sentence describing a potential consequence of a computer being infected with a virus.

RememberUnderstandAnalyzeSocial AwarenessSelf-AwarenessDecision-Making
Generate Complete Lesson

Activity 04

Outdoor Investigation Session40 min · Individual

Trojan Hunt: Safe Analysis

Use isolated virtual machines with sample (safe) Trojans. Individuals examine file properties and behaviors, noting deception tactics before reporting to pairs.

Compare the propagation methods of viruses, worms, and Trojan horses.

Facilitation TipDuring the Trojan Hunt, provide checksum tools so students compare file hashes to spot tampering firsthand.

What to look forPresent students with three short scenarios describing how a computer became infected. Ask them to identify the type of malware (virus, worm, or Trojan) in each scenario and briefly explain their reasoning.

RememberUnderstandAnalyzeSocial AwarenessSelf-AwarenessDecision-Making
Generate Complete Lesson

A few notes on teaching this unit

Teach malware by making students the attackers first, then the defenders. Start with simulations that let them experience spread dynamics, then use case studies to ground those observations in real events. Avoid lectures on definitions alone; focus on how malware interacts with systems. Research shows experiential learning improves retention for technical topics like this.

Successful learning looks like students distinguishing malware types by their spread patterns, explaining infection consequences with evidence from simulations, and proposing layered defense strategies. They should justify choices with technical details, not just opinions.

Watch Out for These Misconceptions

  • During Simulation Lab: Malware Spread Models, watch for statements like 'All malware spreads the same way.'

    Use the lab's propagation timelines to pause and ask groups to compare worm speed across networks versus virus attachment to files. Have them annotate their models with labels for each malware type.

  • During Case Study Dissection: Real Infections, watch for statements like 'Antivirus software stops every malware infection.'

    During the case review, highlight antivirus logs showing undetected infections. Ask students to map why detection failed, linking to zero-day exploits and update gaps in their analysis sheets.

  • During Prediction Challenge: Infection Scenarios, watch for statements like 'Worms need user action to spread.'

    Use the challenge's scenario templates to insert a worm that spreads without clicks, then ask students to revise their predictions based on the template's network vulnerability details.

Methods used in this brief

More in Cybersecurity and Defense

Introduction to Cybersecurity

Students will understand the importance of cybersecurity and common terms like threats, vulnerabilities, and risks.

2 methodologies

Phishing and Social Engineering

Students will investigate social engineering tactics, particularly phishing, and learn to identify and avoid them.

2 methodologies

Online Scams and Fraud

Students will learn about various online scams (e.g., fake giveaways, tech support scams) and strategies to protect themselves from financial and personal harm.

2 methodologies

Protecting Data with Encryption (Basic Concept)

Students will understand the basic idea of encryption as a way to scramble data to protect its privacy and security, without delving into specific methods.

2 methodologies

Verifying Online Identity and Trust

Students will learn how to identify secure websites (e.g., HTTPS, padlock icon) and understand why it's important to verify the identity of online sources.

2 methodologies