About computer protection against certain legitimate applications
July 10, 2024
ID 100338
Legitimate programs are programs that may be installed and used on users' computers and are intended for performing user tasks. However, when exploited by hackers, legitimate programs of certain types can harm the user's computer and the corporate LAN. If hackers gain access to these programs, or if they plant them on the user's computer, some of their features can be used to compromise the security of the user's computer or the corporate LAN.
These programs include IRC clients, dialers, file downloaders, computer system activity monitors, password management utilities, and Internet servers for FTP, HTTP, and Telnet.
Such programs are described in the table below.
Legitimate programs
Type | Name | Description |
---|---|---|
Client-IRC | Online chat clients | Users install these programs to communicate with people in Internet Relay Chats. Hackers use them to spread malware. |
Dialer | Auto-dialers | They can establish hidden phone connections using a modem. |
Downloader | Downloader programs | These programs can download files from web pages in hidden mode. |
Monitor | Monitoring programs | These programs allow monitoring activities on the computer on which they are installed (seeing which programs are active and how they exchange data with programs that are installed on other computers). |
PSWTool | Password recovery tools | These programs allow viewing and recovery of forgotten passwords. Hackers secretly plant them on computers for the same purpose. |
RemoteAdmin | Remote administration programs | These programs are widely used by system administrators. They provide access to the interface of a remote computer in order to monitor and manage it. Hackers secretly plant them on computers for the same purpose: to monitor and control computers. Legitimate remote administration programs differ from Backdoor-type Trojans for remote administration: Trojans can penetrate the system and install themselves without authorization; legitimate programs have no such capability. |
Server-FTP | FTP servers | These programs function as FTP servers. Hackers plant them on computers to obtain remote access over the FTP protocol. |
Server-Proxy | Proxy servers | These programs function as proxy servers. Hackers plant them on computers to send spam from them. |
Server-Telnet | Telnet servers | These programs function as Telnet servers. Hackers plant them on computers to obtain remote access over the Telnet protocol. |
Server-Web | Web servers | These programs function as web servers. Hackers plant them on computers to obtain remote access over the HTTP protocol. |
RiskTool | Tools for managing a virtual machine | They offer the user additional capabilities for managing the computer. These tools allow the user to hide files or windows of active applications and terminate active processes. |
NetTool | Network tools | These programs offer the user of the computer on which they are installed additional capabilities for interacting with other computers on the network. These tools allow rebooting other computers, detecting open ports, and starting programs that are installed on the computers. |
Client-P2P | P2P network clients | These programs allow using peer-to-peer (P2P) networks. Hackers can use them to spread malware. |
Client-SMTP | SMTP clients | These programs send email messages without the user's knowledge. Hackers plant them on computers to send spam from them. |
WebToolbar | Web toolbars | These programs add toolbars to the interfaces of other programs to use search engines. |
FraudTool | Fake programs | These programs pass themselves off as other programs. For example, there are fake anti-virus programs that display messages about detected malware. However, in reality, they do not find or disinfect anything. |