Legitimate applications are applications that may be installed and used on users' computers and are intended for performing user tasks. However, certain types of legitimate applications can be exploited by hackers to harm the user's computer or the enterprise network. If hackers gain access to these applications, or if they plant them on the user's computer, some of their features can be used to compromise the security of the user's computer or the enterprise network.
These applications include IRC clients, auto-dialers, file downloaders, computer system activity monitors, password management utilities, and servers for FTP, HTTP, or Telnet services.
Such applications are described in the table below.
Legitimate applications
Type | Name | Description |
---|---|---|
Client-IRC | Online chat clients | Users install these applications to communicate with people in Internet Relay Chats. Hackers use them to spread malware. |
Dialer | Auto-dialers | They can establish hidden phone connections over a modem. |
Downloader | Downloader programs | They can covertly download files from web pages. |
Monitor | Monitoring programs | They allow monitoring of activities on the computer on which they are installed (seeing which applications are active and how they exchange data with applications that are installed on other computers). |
PSWTool | Password recovery tools | They allow viewing and recovery of forgotten passwords. Hackers secretly plant them on computers for the same purpose. |
RemoteAdmin | Remote administration programs | They are widely used by system administrators. These programs allow someone to obtain access to the interface of a remote computer to monitor and manage it. Hackers secretly plant them on computers for the same purpose: to monitor and control computers. Legitimate remote administration applications differ from Backdoor-type Trojans used for remote administration. Trojans have the ability to independently infiltrate a system and install themselves, while legitimate applications are unable to do so. |
Server-FTP | FTP servers | They perform FTP server functions. Hackers plant them on computers to gain remote access to them over the FTP protocol. |
Server-Proxy | Proxy servers | They perform proxy server functions. Hackers plant them on computers to send spam from them. |
Server-Telnet | Telnet servers | They perform Telnet server functions. Hackers plant them on computers to gain remote access to them over the Telnet protocol. |
Server-Web | Web servers | They perform web server functions. Hackers plant them on computers to gain remote access to them over the HTTP protocol. |
RiskTool | Tools for managing a virtual machine | They offer the user additional capabilities for managing the computer. These tools allow the user to hide files or windows of active applications and terminate active processes. |
NetTool | Network tools | They offer the user of the computer on which they are installed additional capabilities for interacting with other computers on the network. These tools enable the user to restart them, detect open ports, and start applications that are installed on the computers. |
Client-P2P | P2P network clients | They enable operation on peer-to-peer (P2P) networks. They can be used by hackers to spread malware. |
Client-SMTP | SMTP clients | They send email messages without the user's knowledge. Hackers plant them on computers to send spam from them. |
WebToolbar | Web toolbars | They add toolbars to the interfaces of other applications to use search engines. |
FraudTool | Fake programs | They pass themselves off as other programs. For example, there are fake anti-virus programs that display messages about malware detection. However, in reality, they do not find or disinfect anything. |