---
title: "Virus — AP Cybersecurity Definition & Exam Guide"
description: "A virus is malware that needs a user to run or open a file before it spreads. Learn how it differs from worms and Trojans for AP Cybersecurity Unit 4."
canonical: "https://fiveable.me/ap-cybersecurity/key-terms/virus"
type: "key-term"
subject: "AP Cybersecurity"
unit: "Unit 4"
---

# Virus — AP Cybersecurity Definition & Exam Guide

## Definition

In AP Cybersecurity, a virus is a type of malware that must be activated by a user, meaning someone has to execute or open an infected file before it can run and spread (EK 4.1.B.2).

## What It Is

A **virus** is [malicious](/ap-cybersecurity/unit-3/detecting-network-attacks/study-guide/5kYH3dgJpqFp57SUnjEX "fv-autolink") software ([malware](/ap-cybersecurity/key-terms/malware "fv-autolink")) that needs a human to set it off. Until someone executes a program or opens an infected file, the virus just sits there doing nothing. That's the defining trait: a virus requires **user activation** (EK 4.1.B.2). Think of it like a booby trap that only goes off when you step on it.

Once activated, a virus does what malware does. Per EK 4.1.B.1, malware can damage or destroy a device or network, or hand an [adversary](/ap-cybersecurity/key-terms/adversary "fv-autolink") access to the device and the data on it. Viruses are one of several malware types the CED lists alongside worms, Trojans, and others, and they usually serve as a tool inside a bigger attack plan rather than the adversary's end goal.

## Why It Matters

Virus lives in **[Unit 4](/ap-cybersecurity/unit-4 "fv-autolink"): Securing Devices**, specifically topic **4.1 Device Vulnerabilities and Attacks**. It directly supports **[AP Cybersecurity](/ap-cybersecurity "fv-autolink") 4.1.B**, where you identify the type of malware used in a cyberattack. Knowing the exact definition matters because the whole point of 4.1.B is telling malware types apart, and the line between a virus, a worm, and a Trojan comes down to small but testable details about how each one spreads and activates.

It also feeds into 4.1.C and 4.1.D, where you explain and assess the risk a malware infection creates. A virus can be the delivery mechanism that lets an adversary remotely control a device, [encrypt](/ap-cybersecurity/unit-5/asymmetric-cryptography/study-guide/VwtcdE1OgUXoQu0fiDG2 "fv-autolink") a drive for ransom, or wipe data entirely (EK 4.1.D.1).

## Connections

### [Worm (Unit 4)](/ap-cybersecurity/key-terms/worm)

A [worm](/ap-cybersecurity/key-terms/worm "fv-autolink") is the virus's self-driving cousin. Both are malware, but a worm spreads computer to computer with no human interaction, while a virus needs you to open or run the infected file first. That single difference is the most common thing the exam tests.

### [Trojan (Unit 4)](/ap-cybersecurity/key-terms/trojan)

A [Trojan](/ap-cybersecurity/key-terms/trojan "fv-autolink") hides inside software that looks harmless, so when you run that 'safe' program you also run the malware. Like a virus, it relies on you taking an action, but the trick is disguise rather than just an infected file.

### [Anti-malware (Unit 4)](/ap-cybersecurity/key-terms/anti-malware)

Anti-malware is the defense built to catch viruses (and other malware) before they activate. When the CED asks you to assess and document risk in 4.1.D, missing or outdated anti-malware is exactly the kind of gap that raises a device's risk level.

### Software vulnerabilities and exploits (Unit 4)

EK 4.1.C.1 explains that unpatched software gives adversaries a way in. A virus often rides on top of that, exploiting a known weakness to crash a system, spy through a webcam, or take control of the device.

## On the AP Exam

Expect virus to show up in multiple-choice questions that ask you to identify malware or pick which type fits a scenario. Several practice questions simply ask "Which of the following is an example of malware?" and a virus is a textbook correct answer. The trickier stems describe how something spreads and make you choose between a virus, a worm, and a Trojan, so read for the activation detail: if a human has to open or run a file, it's a virus; if it spreads on its own, it's a worm. No released FRQ has used the term verbatim, but virus supports the risk-assessment writing the CED rewards in 4.1.C and 4.1.D, where you explain how malware leads to loss, damage, disruption, or destruction.

## virus vs worm

Both are malware, and that's why they get mixed up. The CED draws one clean line: a virus must be activated by a user opening or executing a file, while a worm spreads from computer to computer with no human interaction. If a question says someone clicked or ran something, lean virus; if it spreads by itself, lean worm.

## Key Takeaways

- A virus is malware that only runs after a user executes or opens an infected file (EK 4.1.B.2).
- The defining difference between a virus and a worm is human activation: viruses need it, worms don't.
- Viruses fall under AP Cybersecurity 4.1.B, where you identify the type of malware used in a cyberattack.
- Once activated, a virus can damage or destroy a device, steal data, or give an adversary control (EK 4.1.B.1 and 4.1.D.1).
- On the exam, watch for words like 'opened,' 'clicked,' or 'ran a file' as signals pointing to a virus rather than a worm.

## FAQs

### What is a virus in AP Cybersecurity?

It's a type of malware that must be activated by a user, meaning someone has to execute or open an infected file before it can run (EK 4.1.B.2). It's one of the malware types you identify under learning objective 4.1.B.

### Is a virus the same as a worm?

No. Both are malware, but a virus needs a user to open or run a file to activate, while a worm spreads from computer to computer on its own with no human interaction. That activation detail is the key distinction the exam tests.

### How is a virus different from a Trojan?

A virus is malware tied to an infected file that you have to run, while a Trojan is malware hidden inside software that looks harmless. Both depend on a user taking action, but a Trojan's whole strategy is disguise.

### Is a virus on the AP Cybersecurity exam?

Yes. Virus appears in Unit 4 under topic 4.1, and multiple-choice questions ask you to identify malware or distinguish a virus from a worm or Trojan based on how it spreads.

### What can a virus actually do once it's activated?

Per EK 4.1.B.1 and 4.1.D.1, an activated virus can damage or destroy a device, steal data, encrypt a drive for ransom, or give an adversary remote control. It's often just one step in a larger attack plan.

## Related Study Guides

- [4.1 Device Vulnerabilities and Attacks](/ap-cybersecurity/unit-4/device-vulnerabilities-and-attacks/study-guide/HACz1L7MBGLXO5AANWlK)

## Structured Data

```json
{"@context":"https://schema.org","@graph":[{"@type":"LearningResource","@id":"https://fiveable.me/ap-cybersecurity/key-terms/virus#resource","name":"Virus — AP Cybersecurity Definition & Exam Guide","url":"https://fiveable.me/ap-cybersecurity/key-terms/virus","learningResourceType":"Concept explainer","educationalLevel":"AP® / High School","about":{"@id":"https://fiveable.me/ap-cybersecurity/key-terms/virus#term"},"audience":{"@type":"EducationalAudience","educationalRole":"student"},"dateModified":"2026-06-15T18:59:32.443Z","isPartOf":{"@type":"Collection","name":"AP Cybersecurity Key Terms","url":"https://fiveable.me/ap-cybersecurity/key-terms"},"publisher":{"@type":"Organization","name":"Fiveable","url":"https://fiveable.me"}},{"@type":"DefinedTerm","@id":"https://fiveable.me/ap-cybersecurity/key-terms/virus#term","name":"virus","description":"In AP Cybersecurity, a virus is a type of malware that must be activated by a user, meaning someone has to execute or open an infected file before it can run and spread (EK 4.1.B.2).","url":"https://fiveable.me/ap-cybersecurity/key-terms/virus","inDefinedTermSet":{"@type":"DefinedTermSet","name":"AP Cybersecurity Key Terms","url":"https://fiveable.me/ap-cybersecurity/key-terms"},"educationalAlignment":[{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 4, Topic 4.1, LO 4.1.A"},{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 4, Topic 4.1, LO 4.1.B"},{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 4, Topic 4.1, LO 4.1.C"},{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 4, Topic 4.1, LO 4.1.D"}]},{"@type":"FAQPage","mainEntity":[{"@type":"Question","name":"What is a virus in AP Cybersecurity?","acceptedAnswer":{"@type":"Answer","text":"It's a type of malware that must be activated by a user, meaning someone has to execute or open an infected file before it can run (EK 4.1.B.2). It's one of the malware types you identify under learning objective 4.1.B."}},{"@type":"Question","name":"Is a virus the same as a worm?","acceptedAnswer":{"@type":"Answer","text":"No. Both are malware, but a virus needs a user to open or run a file to activate, while a worm spreads from computer to computer on its own with no human interaction. That activation detail is the key distinction the exam tests."}},{"@type":"Question","name":"How is a virus different from a Trojan?","acceptedAnswer":{"@type":"Answer","text":"A virus is malware tied to an infected file that you have to run, while a Trojan is malware hidden inside software that looks harmless. Both depend on a user taking action, but a Trojan's whole strategy is disguise."}},{"@type":"Question","name":"Is a virus on the AP Cybersecurity exam?","acceptedAnswer":{"@type":"Answer","text":"Yes. Virus appears in Unit 4 under topic 4.1, and multiple-choice questions ask you to identify malware or distinguish a virus from a worm or Trojan based on how it spreads."}},{"@type":"Question","name":"What can a virus actually do once it's activated?","acceptedAnswer":{"@type":"Answer","text":"Per EK 4.1.B.1 and 4.1.D.1, an activated virus can damage or destroy a device, steal data, encrypt a drive for ransom, or give an adversary remote control. It's often just one step in a larger attack plan."}}]},{"@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"AP Cybersecurity","item":"https://fiveable.me/ap-cybersecurity"},{"@type":"ListItem","position":2,"name":"Key Terms","item":"https://fiveable.me/ap-cybersecurity/key-terms"},{"@type":"ListItem","position":3,"name":"Unit 4","item":"https://fiveable.me/ap-cybersecurity/unit-4"},{"@type":"ListItem","position":4,"name":"virus"}]}]}
```
