Computing · Secondary 4

Active learning ideas

Threat Landscape: Malware and Viruses

Active learning works because students need to see malware behavior in action to grasp abstract differences between viruses, worms, and ransomware. Simulations and card sorts let students experience propagation methods firsthand, making technical distinctions memorable and discussion-ready.

MOE Syllabus Outcomes: MOE: Cybersecurity - S4 · MOE: Cyber Threats - S4
25–45 min · Pairs → Whole Class · 4 activities

Activity 01

Case Study Analysis · 45 min · Small Groups

Simulation Lab: Malware Propagation

Use a simple network simulator app or string-and-cup model to represent computers. Assign roles: one group introduces a 'worm' that spreads by passing strings, another a 'virus' needing file activation. Students track spread speed and infection points over rounds, then discuss prevention.

How do different types of malware propagate through a network?

Facilitation Tip: For the Simulation Lab, set clear boundaries for the lab environment to prevent actual data loss. Use a sandbox tool like VirtualBox with snapshots so students can safely restart after mistakes.

What to look for: Present students with short scenarios describing malware behavior. Ask them to identify the type of malware (virus, worm, ransomware) and briefly explain their reasoning, citing specific actions like 'attaches to a file' or 'spreads without user input'.
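
A small round-based simulator that can stand in for the "simple network simulator app" in this lab, added here as an example and not part of the original lesson brief. The six-host network, the file-opening schedule and the function names are constructed for illustration; hosts are only marked as infected, and a virus is modelled as spreading only in rounds where a user opens the infected file.

```python
# Constructed classroom network: each key is a "computer", each list its string links.
NETWORK = {
    "A": ["B", "C"],
    "B": ["A", "D"],
    "C": ["A", "D"],
    "D": ["B", "C", "E"],
    "E": ["D", "F"],
    "F": ["E"],
}


def simulate(network, start, rounds, activations=None, patched=frozenset()):
    """Return the sorted list of infected hosts after each round (index 0 = start).

    activations=None       -> worm: every infected host spreads every round.
    activations={round: s} -> virus: an infected host spreads only in a round
                              where its user opens the infected file.
    patched                -> hosts that cannot be infected (prevention step).
    """
    infected = {start}
    history = [sorted(infected)]
    for rnd in range(1, rounds + 1):
        newly = set()
        for host in infected:
            if activations is not None and host not in activations.get(rnd, set()):
                continue  # virus stays dormant on this host this round
            newly.update(n for n in network[host]
                         if n not in infected and n not in patched)
        infected |= newly
        history.append(sorted(infected))
    return history


def spread_counts(history):
    """Infected-host count per round, the number students record on their sheet."""
    return [len(hosts) for hosts in history]


if __name__ == "__main__":
    # Constructed schedule: which users open the infected file in which round.
    opens = {1: {"A"}, 3: {"B"}, 4: {"D"}}
    runs = {
        "worm": simulate(NETWORK, "A", 4),
        "virus": simulate(NETWORK, "A", 4, activations=opens),
        "worm, D patched": simulate(NETWORK, "A", 4, patched={"D"}),
    }
    for label, history in runs.items():
        print(f"{label:16} {spread_counts(history)}")
```

Patching host D, the only link between the two halves of this network, holds the worm at three hosts, which gives the prevention discussion a concrete result to start from.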

Analyze · Evaluate · Create · Decision-Making · Self-Management

Activity 02

Case Study Analysis · 30 min · Pairs

Case Study Dissection: Real Ransomware

Provide printed or digital case studies of WannaCry and similar attacks. In pairs, students identify entry methods, impacts, and responses. They create flowcharts showing operation sequences and present findings to the class.

Differentiate between a virus, a worm, and ransomware.

Facilitation Tip: During Case Study Dissection, assign roles so each pair has a note-taker, researcher, and presenter. Rotate roles to keep all students engaged and accountable.

What to look for: Facilitate a class discussion using the prompt: 'Imagine a new piece of malware is discovered that can spread through email attachments but also replicate itself to other computers on the same network. What are the immediate concerns, and how would you advise a small business in Singapore to protect itself?'

Analyze · Evaluate · Create · Decision-Making · Self-Management

Activity 03

Case Study Analysis · 25 min · Small Groups

Classification Sort: Threat Cards

Distribute cards describing malware behaviors. Groups sort them into virus, worm, and ransomware piles, justifying their choices with evidence. Follow with a class vote and a correction round using official definitions.

Predict the impact of a new, unknown type of malware on a typical computer system.

Facilitation Tip: For Classification Sort, provide a mix of real-world and hypothetical examples on cards. Have students justify their placements aloud to reinforce terminology and reasoning.

What to look for: On an index card, have students define one key vocabulary term in their own words and then list one difference in how a virus and a worm propagate. Collect these as students leave to gauge understanding of core concepts.

Analyze · Evaluate · Create · Decision-Making · Self-Management

Activity 04

Case Study Analysis · 35 min · Whole Class

Prediction Challenge: Unknown Malware

Present a hypothetical new malware scenario. Individually, students predict its spread and impact on a school network, then share in a whole-class discussion to refine their predictions based on prior classifications.

How do different types of malware propagate through a network?

Facilitation Tip: In the Prediction Challenge, give students limited time to analyze logs or code snippets. This mimics real-world incident response pressure and sharpens analytical skills.

What to look for: Present students with short scenarios describing malware behavior. Ask them to identify the type of malware (virus, worm, ransomware) and briefly explain their reasoning, citing specific actions like 'attaches to a file' or 'spreads without user input'.

Analyze · Evaluate · Create · Decision-Making · Self-Management

A few notes on teaching this unit

Teachers should start with clear definitions but quickly move to concrete examples that students can manipulate. Avoid over-reliance on lectures about malware types; instead, use activities where students classify, simulate, and predict outcomes. Research shows hands-on cybersecurity tasks improve retention, especially when students see immediate cause-and-effect, like watching a worm spread in a sandbox.

Successful learning shows when students can explain propagation methods, classify unseen malware types, and predict impacts on systems. They should confidently use terms like 'host file,' 'autonomous replication,' and 'encryption' to describe threats.


Watch Out for These Misconceptions

  • During Classification Sort: Threat Cards, watch for students who group all malware together as the same type.

    Use the card sort to redirect their attention to the propagation method listed on each card, such as 'requires user execution' or 'self-replicates.' Ask them to physically move cards into columns labeled with propagation traits to force comparison.

  • During Case Study Dissection: Real Ransomware, watch for students who assume ransomware only affects large organizations.

    Have pairs analyze case studies that include personal device examples, like a school email scam or a mobile phone infection. Ask them to highlight the entry point (email or download) and the target (data encryption) to connect ransomware to everyday risks.

  • During Prediction Challenge: Unknown Malware, watch for students who believe antivirus software always stops malware immediately.

    Use the logs or code snippets in this activity to show varied detection outcomes. Ask students to note where detection failed and why, then discuss how layered defenses (like firewalls plus antivirus) reduce but don't eliminate risks.

