**2. Malware threats**

In the fields of information and cyber security, it is highly important to understand the characteristics of the different malicious threats: how they propagate between systems and what malicious actions they perform. The discussion here is mainly about viruses, worms and Trojan horses. Computer viruses are so named because they behave similarly to biological viruses [3]. They spread from one system to another through some user action, such as opening an email attachment, clicking a link on a malicious website or inserting an infected USB drive into a system. In other words, viruses cannot spread unless someone gives them a hand, and for that reason the best way of protecting against viruses is educating others about them.

#### *Intelligent Cybersecurity Threat Management in Modern Information Technologies Systems DOI: http://dx.doi.org/10.5772/intechopen.105478*

The second well-known type of malware is the worm, which spreads between systems without any user interaction. Worms attack through system vulnerabilities, and once a system has been infected the worm can use it to spread to other systems on the connected network. Because worms spread through system vulnerabilities, the best way to protect against them is to keep systems and applications updated with the most recent patches. Worms have recently become aggressive enough to cross the virtual barrier and cause serious physical damage.

Trojan horses pretend to be legitimate and beneficial pieces of software in order to attract users to download or install them, and once the user runs the program it behaves in unexpected ways. These malicious Trojan horses carry a harmful payload that performs unwanted actions behind the scenes [4]. The best way of protecting against this type of Trojan horse is an application control policy that can be approved by administrators. It is worth mentioning here that remote access Trojans, known for short as RATs, are a special type of Trojan horse that allows hackers to remotely control affected systems.
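The following sketch is an added example, not taken from the chapter. It shows why an administrator-approved application control policy stops a Trojan that only looks legitimate: approval is bound to the SHA-256 of the program's bytes, not to its name. The class, file names and byte strings are hypothetical and constructed for illustration.

```python
import hashlib
from dataclasses import dataclass


def sha256_hex(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


@dataclass(frozen=True)
class Approval:
    name: str          # file name the administrator reviewed
    approved_by: str   # who signed off on it


class AppControlPolicy:
    """Default-deny policy keyed on the SHA-256 of the program's bytes."""

    def __init__(self):
        self._approved = {}  # digest -> Approval

    def approve(self, name: str, content: bytes, admin: str) -> None:
        self._approved[sha256_hex(content)] = Approval(name, admin)

    def name_only_check(self, filename: str) -> bool:
        # Weak variant for contrast: trusts whatever the file calls itself.
        return any(a.name == filename for a in self._approved.values())

    def decide(self, filename: str, content: bytes) -> tuple:
        entry = self._approved.get(sha256_hex(content))
        if entry is not None:
            return ("allow", f"approved by {entry.approved_by}")
        if self.name_only_check(filename):
            # Same name as an approved program, different bytes: masquerade.
            return ("deny", "name matches an approved program but content differs")
        return ("deny", "not on the approved list")


# Constructed sample data: byte strings standing in for real executables.
GENUINE = b"constructed sample: genuine reader installer"
TROJAN = GENUINE + b" plus hidden payload"

policy = AppControlPolicy()
policy.approve("reader-setup.exe", GENUINE, admin="it-admin")

if __name__ == "__main__":
    for label, name, data in [("genuine", "reader-setup.exe", GENUINE),
                              ("trojan", "reader-setup.exe", TROJAN),
                              ("unknown", "game.exe", b"constructed: unreviewed")]:
        print(label, policy.decide(name, data))
```

The name-only check accepts the Trojan because it reuses the approved file name, while the hash-based decision denies it and still allows the genuine program under any name.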

#### **2.1 Adware, spyware and ransomware**

Each piece of malware can be characterized by its propagation mechanism, which determines how it spreads to other systems, and by its payload, which determines how it delivers its malicious content on the infected system [5]. This section investigates three different types of payload: adware, spyware and ransomware. We begin with adware. Advertising is a common way to generate revenue online. Usually this advertising is quite legitimate and allows people to earn income from advertised online content. Unfortunately, it is also an opportunity for malware: adware can be considered special-purpose malware that displays advertisements to generate money for the malware author instead of the content owner. Adware can use several tricky mechanisms, for example redirecting search queries to a search engine controlled by the malware author, displaying pop-ups while the user is browsing and, in some cases, replacing the content owner's legitimate ads with content that benefits the malware author. This is certainly very harmful for the content author, as it destroys their customers' trust.

The second well-known type of malware payload is spyware. This malware gathers information without the user's permission or knowledge and sends it to the malware author for use in any kind of malicious action, such as stealing account information or identity theft [6]. Spyware can use different techniques, such as keystroke loggers that capture the user's key presses. In some cases, spyware monitors web site visits to capture the usernames and passwords used to access sensitive web sites such as banks. These days, monitoring web browsing is a common spyware activity that can be used to target advertising to specific users. Most dangerously, some spyware can reach inside the system and scan the hard drives and cloud storage services to capture sensitive information, such as social security numbers, that can ultimately be useful for identity theft.

The third well-known type of malware is ransomware. This type blocks the legitimate user's access to and use of a computer or its data until a ransom is paid. Encrypting files with a secret key that is sold later is the most common technique used by this malware. A very good recent example of ransomware is CryptoLocker, which started in 2014 and is still used today. Most commonly it arrives in the user's inbox as an attachment to an email message, and once the user opens that attachment, CryptoLocker starts encrypting files on the infected machine using strong RSA encryption algorithms. The encrypted files may include office documents, images and CAD models, which are considered the most important to the end user. Usually the malware author has a dedicated control server that keeps the encryption keys for the files. A deadline is then given to pay a ransom. Some recent surveys show that over 40% of the people or organizations infected by CryptoLocker paid the ransom. In this context, it is also worth mentioning another type of malware called scareware, which is similar to ransomware but is considered a bluff [6, 7]. It usually pops up messages, as a sort of website advertising, that are designed to warn users about security issues and to scare them by telling them that their systems are compromised, and then offers them solutions. In truth there are no security issues and the offered solution is just a fake.
