A cookie, also known as an HTTP cookie, web cookie, or browser cookie is a small text file storied on a user's computer and contains some data sent from the server of a web site.
These files are stored by the browser within memory or in a temporary file directory administered by the browser. A cookie is an innocuous file that can not carry a virus. It isn't an executable file and so can not install 'malware' on your computer.
Instead it contains information that a web application finds useful to function. A common use maybe to store choices the user has made while using the site such as searching or shopping basket options. Cookies are also often used to store the log in status of the user.
Cookies are an essential technology in the functioning of most Web applications.
It is important to note that a cookie can only be read by the server which created it, so the notion of your shopping basket choices made on an e-commerce site can be seen by a rival site is incorrect.*
However, many web sites will carry code on their pages which is administrated by a different server, the most obvious example of this are adverts. Web sites do not tend to sell their own advertising space, instead the ads are provided by a third party ad network and it is their server which places the ads on the page. This third party server has a legitimate interaction with the browser and thus can create a cookie of its own, probably storing something like the category or subject of the page the ad was served from. If a user then visits another Web site which uses the same ad network, this 'tracking' cookie can be read by the advert server and the information used to decide what ad to show them. This is why you may find that if you search for a product on one web site, you may then see adverts for that product or related items when you visit other Web sites.
There is an obvious privacy concern here, but the contumacy which surrounds cookies and paved the way for the EU legislation in 2011 was mostly caused by misunderstanding of the problem. The resultant legislation requires that companies operating in the EU must declare the fact that they are using cookies. This of course does not stop any potential abuse, not only because it doesn't apply to Web sites outside of the EU (which are the majority) but also because it is nothing more than a declaration and this does nothing to stop illegitimate use.
All modern browsers offer settings to control how cookies are handled, however you should remember that if you block all cookies you will find that many Web site and applications will cease to function correctly.
For further reading the Wikipedia article on HTTP cookies is very comprehensive.
* There is the potential for cookies to be hijacked by cross-site scripting but the biggest danger is probably from Network eavesdropping and as such a cookie is no more or less secure than any other unencrypted data sent between the client and server.