About protecting traffic against specific legitimate applications

Legitimate applications are applications that may be installed and used on users' computers and are intended for performing user tasks. However, certain types of legitimate applications can be exploited by hackers to harm the user's computer or the enterprise network: if hackers gain access to these applications, or plant them on the user's computer, some of their features can be used to compromise the security of the user's computer or the enterprise network.

These applications include IRC clients, auto-dialers, file downloaders, computer system activity monitors, password management utilities, and servers providing FTP, HTTP, or Telnet services.

Such applications are described in the table below.

Legitimate applications

| Type | Name | Description |
|---|---|---|
| Client-IRC | Online chat clients | Users install these applications to communicate with people in Internet Relay Chats. Hackers use them to spread malware. |
| Dialer | Auto-dialers | They can establish hidden phone connections over a modem. |
| Downloader | Downloader programs | They can covertly download files from web pages. |
| Monitor | Monitoring programs | They allow monitoring of activity on the computer on which they are installed (which applications are active and how they exchange data with applications installed on other computers). |
| PSWTool | Password recovery tools | They allow viewing and recovery of forgotten passwords. Hackers secretly plant them on computers for the same purpose. |
| RemoteAdmin | Remote administration programs | They are widely used by system administrators. These programs allow someone to obtain access to the interface of a remote computer to monitor and manage it. Hackers secretly plant them on computers for the same purpose: to monitor and control computers. Legitimate remote administration applications differ from Backdoor-type Trojans used for remote administration: Trojans can infiltrate a system and install themselves on their own, while legitimate applications cannot. |
| Server-FTP | FTP servers | They perform FTP server functions. Hackers plant them on computers to gain remote access to them over the FTP protocol. |
| Server-Proxy | Proxy servers | They perform proxy server functions. Hackers plant them on computers to send spam from them. |
| Server-Telnet | Telnet servers | They perform Telnet server functions. Hackers plant them on computers to gain remote access to them over the Telnet protocol. |
| Server-Web | Web servers | They perform web server functions. Hackers plant them on computers to gain remote access to them over the HTTP protocol. |
| RiskTool | Tools for managing a virtual machine | They offer the user additional capabilities for managing the computer. These tools allow the user to hide files or windows of active applications and terminate active processes. |
| NetTool | Network tools | They give the user of the computer on which they are installed additional capabilities for interacting with other computers on the network: restarting those computers, detecting open ports, and starting applications installed on them. |
| Client-P2P | P2P network clients | They enable operation on peer-to-peer (P2P) networks. They can be used by hackers to spread malware. |
| Client-SMTP | SMTP clients | They send email messages without the user's knowledge. Hackers plant them on computers to send spam from them. |
| WebToolbar | Web toolbars | They add toolbars to the interfaces of other applications to provide access to search engines. |
| FraudTool | Fake programs | They pass themselves off as other programs. For example, fake anti-virus programs display messages about malware detection but in reality do not find or disinfect anything. |

See also

Protecting network traffic

Configuring Anti-Virus module settings

Configuring Anti-Phishing module settings

Configuring archive processing