What is the difference between the content of a malicious link coming from a spam email into Gmail or Outlook and the content of a malicious link coming from a malware hosted sites?
I don't really understand what you mean?
A malicious link is a link which is pointed to a malicious website. A website holding downloads to malicious software is a malicious website, and therefore a link pointing to a malicious website which holds downloads to malicious software is a malicious link.
As an example, if you get an email from someone telling you that you need to update your account information for a website you have an account on (the e-mail might even be spoofed to help social engineer you) and it contains a link which directs you to a webpage with fields for you to input information, the submitted information will be forwarded back to the attacker/s. This is called phishing. The link would be malicious, because the intent is malicious (to steal your information through social engineering, trick you into believing that you are handing over information to someone you are not - sensitive and private information). This can lead to someone else signing into your account/s or selling your information, which leads to a wide variety of other outcomes. As well as the link being malicious (you can say the email is too because the intent is malicious altogether), the email is also spam.
Phishing is not actually exclusive to online webpages to steal your information or only spread through e-mail. Phishing can be performed from software-level as well (e.g. via malicious software), but it is a lot less common these days because attackers know that the more steps required (user intervention based) will reduce the chances of them successfully stealing information from someone via phishing. An example of software for phishing would be a program designed to show the user a login for a service the malware author does not own with the hope they will enter their login credentials from the interface of the program, so these credentials can be sent back to the attacker. More often than not, when these phishing attempts (software-based) were a lot more prevalent (usually luring people in who wanted to "hack" games), they were usually developed in a managed language (e.g. C#.NET or VB.NET) and would typically rely on e-mail to send back the attacker the stolen credentials. YouTube used to be a good source of finding new samples for this sort of thing back in the day because attackers would market tools like this as "Free PayPal money hacks" or similar, but I am not sure if such phishing programs are still prevalent that much... I doubt it though.
You could label such tools as a "Password Stealer" instead though. E.g. Trojan.PW or Trojan.PasswordStealer, whatever floats your boat.
To explain it in the most easiest form:
A malicious link is any link which takes you to a malicious website. You can click on a link which will redirect you elsewhere (which happens to be a destination containing malicious content), and that initial link will also be "malicious" in my opinion since it was designed to redirect you to a different place which is malicious. The malicious link may try to steal information from you or provide you malicious downloads... Anything with malicious intent would count.
Spam definition:
Irrelevant or unsolicited messages sent over the Internet, typically to a large number of users, for the purposes of advertising, phishing, spreading malware, etc.
Source:
spam | Definition of spam in English by Oxford Dictionaries
Malicious definition:
Source:
malicious Meaning in the Cambridge English Dictionary
Using the example I made above, the message sent to me (if I am the person targeted from my example) via e-mail is irrelevant as well as unsolicited, but also has malicious intent due to the malicious link in the spam email which would take me to a malicious web-page so the attacker can try and steal information from me.
I hope this explanation was good enough for you to understand.
