About computer protection against certain legitimate applications

Legitimate applications are applications that users may install and use on their computers to perform their tasks. However, when exploited by intruders, legitimate applications of certain types can harm the user's computer and the corporate LAN. If hackers gain access to these applications, or plant them on the user's computer, some of the applications' features can be used to compromise the security of the user's computer or the corporate network.

These applications include IRC clients, auto-dialers, file downloaders, computer system activity monitors, password utilities, and Internet servers for FTP, HTTP, and Telnet.

Such applications are described in the table below.

 

| Type | Name | Description |
|---|---|---|
| Client-IRC | Online chat clients | Users install these applications to communicate with people in Internet Relay Chats. Intruders use them to spread malware. |
| Dialer | Auto-dialers | They can establish phone connections over a modem in hidden mode. |
| Downloader | Downloader applications | They can download files from web pages in hidden mode. |
| Monitor | Monitor applications | They allow monitoring activity on the computer on which they are installed (seeing which applications are active and how they exchange data with applications that are installed on other computers). |
| PSWTool | Password restorers | They allow viewing and restoring forgotten passwords. Intruders secretly plant them on computers for the same purpose. |
| RemoteAdmin | Remote administration programs | They are widely used by system administrators. These programs allow obtaining access to the interface of a remote computer to monitor and manage it. Intruders secretly plant them on computers for the same purpose: to monitor and control computers. Legitimate remote administration applications differ from Backdoor-type Trojans for remote administration. Trojans have the ability to penetrate the operating system independently and install themselves; legitimate applications are unable to do so. |
| Server-FTP | FTP servers | They function as FTP servers. Intruders plant them on computers to gain remote access to them via the FTP protocol. |
| Server-Proxy | Proxy servers | They function as proxy servers. Intruders plant them on computers to send spam from them. |
| Server-Telnet | Telnet servers | They function as Telnet servers. Intruders plant them on computers to gain remote access to them via the Telnet protocol. |
| Server-Web | Web servers | They function as web servers. Intruders plant them on computers to gain remote access to them via the HTTP protocol. |
| RiskTool | Tools for managing a virtual machine | They offer the user additional capabilities for managing the computer. The tools allow the user to hide files or windows of active applications and terminate active processes. |
| NetTool | Network tools | They offer the user of the computer on which they are installed additional capabilities for interacting with other computers on the network. These tools allow restarting them, detecting open ports, and starting applications that are installed on the computers. |
| Client-P2P | P2P network clients | They allow working on peer-to-peer networks. They can be used by intruders for spreading malware. |
| Client-SMTP | SMTP clients | They send email messages without the user's knowledge. Intruders plant them on computers to send spam from them. |
| WebToolbar | Web toolbars | They add toolbars to the interfaces of other applications to use search engines. |
| FraudTool | Pseudo-programs | They pass themselves off as other programs. For example, there are pseudo-anti-virus programs which display messages about malware detection. However, in reality, they do not find or disinfect anything. |

See also

Anti-Virus protection

About virus scan status

Enabling and disabling Anti-Virus protection of messages

Enabling and disabling Anti-Virus scanning for a rule

Configuring Anti-Virus engine settings

Setting default values for Anti-Virus engine settings

Configuring actions on messages during Anti-Virus scanning

Configuring tags added to message subjects after Anti-Virus scanning

Configuring Anti-Virus scan restrictions and exclusions
