Legitimate applications are applications that may be installed and used on computers of users and are intended for performing user tasks. However, when exploited by intruders, legitimate applications of certain types can harm the user's computer and the corporate LAN. If hackers gain access to these applications, or if they plant them on the user's computer, some of their features can be used to compromise the security of the user's computer or the corporate network.
These applications include IRC clients, auto-dialers, file downloaders, computer system activity monitors, password utilities, and Internet servers for FTP, HTTP, and Telnet.
Such applications are described in the table below.
Type |
Name |
Description |
---|---|---|
Client-IRC |
Online chat clients |
Users install these applications to communicate with people in Internet Relay Chats. Intruders use them to spread malware. |
Dialer |
Auto-dialers |
They can establish phone connections over a modem in hidden mode. |
Downloader |
Downloader applications |
They can download files from web pages in hidden mode. |
Monitor |
Monitor applications |
They allow monitoring activity on the computer on which they are installed (seeing which applications are active and how they exchange data with applications that are installed on other computers). |
PSWTool |
Password restorers |
They allow viewing and restoring forgotten passwords. Intruders secretly plant them on computers for the same purpose. |
RemoteAdmin |
Remote administration programs |
They are widely used by system administrators. These programs allow obtaining access to the interface of a remote computer to monitor and manage it. Intruders secretly plant them on computers for the same purpose: to monitor and control computers. Legitimate remote administration applications differ from Backdoor-type Trojans for remote administration. Trojans have the ability to penetrate the operating system independently and install themselves; legitimate applications are unable to do so. |
Server-FTP |
FTP servers |
They function as FTP servers. Intruders plant them on computers to gain remote access to them via the FTP protocol. |
Server-Proxy |
Proxy servers |
They function as proxy servers. Intruders plant them on computers to send spam from them. |
Server-Telnet |
Telnet servers |
They function as Telnet servers. Intruders plant them on computer to gain remote access to them via the Telnet protocol. |
Server-Web |
Web servers |
They function as web servers. Intruders plant them on computers to gain remote access to them via the HTTP protocol. |
RiskTool |
Tools for managing a virtual machine |
They offer the user additional capabilities for managing the computer. The tools allow the user to hide files or windows of active applications and terminate active processes. |
NetTool |
Network tools |
They offer the user of the computer on which they are installed additional capabilities for interacting with other computers on the network. These tools allow restarting them, detecting open ports, and starting applications that are installed on the computers. |
Client-P2P |
P2P network clients |
They allow working on peer-to-peer networks. They can be used by intruders for spreading malware. |
Client-SMTP |
SMTP clients |
They send email messages without the user's knowledge. Intruders plant them on computers to send spam from them. |
WebToolbar |
Web toolbars |
They add toolbars to the interfaces of other applications to use search engines. |
FraudTool |
Pseudo-programs |
They pass themselves off as other programs. For example, there are pseudo-anti-virus programs which display messages about malware detection. However, in reality, they do not find or disinfect anything. |