What is riskware?
Riskware is a term used to describe legal programs (many of which have legitimate applications and which are freely available) which could be used for malicious purposes.
The Riskware class includes such programs as legitimate remote administration utilities, IRC client programs, dialer programs, downloader programs, any type of activity monitor, password utilities, and many internet services such as FTP, Web, Proxy and Telnet.
None of these programs are inherently malicious. However, their functionalities can be used with malicious intent.
One example is WinVNC. The manufacturer's official site describes this program in the following way:
VNC stands for Virtual Network Computing. It is remote control software which allows you to view and interact with one computer (the "server") using a simple program (the "viewer") on another computer anywhere on the Internet. The two computers don't even have to be the same type, so for example you can use VNC to view an office Linux machine on your Windows PC at home. VNC is freely and publicly available and is in widespread active use by millions throughout industry, academia and privately.
The description makes it clear that this program is entirely legitimate, freely available, and used by system administrators and other IT professionals.
However, this program could be used with malicious intent. The Kaspersky Virus Lab has encountered cases where WinVNC was installed without the user's knowledge in order to gain total access to a remote machine.
Another example is the mIRC utility. This legitimate program is described in the following way on the product site:
mIRC is a shareware IRC client for Windows. It is developed and copyrighted by Khaled Mardam-Bey. mIRC is a highly configurable IRC client with all the goodies other clients on UNIX, Macintosh and even on windows offer, combined with a *nice* and clean user interface. mIRC offers full color text lines, DCC File Send and Get capabilities, programmable aliases, a remote commands and events handler, place sensitive popup menu's, a great Switchbar, World Wide Web and sound support, and... a lot more. mIRC is shareware but not crippled in any way...
mIRC's extended functionality can be used with malicious intent, and Kaspersky Lab virus analysts regularly encounter Trojan backdoors which utilize mIRC. Any IRC backdoor is capable of writing its own scripts to the mIRC configuration file without the knowledge or consent of the user. This enables the backdoor to deliver its malicious payload, and the user will be totally unaware that a Trojan is active on the system.
Additionally, malicious programs may install mIRC to the victim machine. mIRC functionality may then be used in the future with malicious intent. In such cases, mIRC will usually be located in the Windows directory or subdirectories. If mIRC is found in this location, it almost certainly means that while the program itself is not malicious, the computer itself has been infected by a malicious program.
- What Employers Are Doing About Employees Surfing the Web at Work
- Pros of Electronic Surveillance of Employees
- Your Boss Is Watching
- Does Your Boss Engage in Electronic Monitoring?
- How to Monitor Your Child’s Internet Usage
- Should You Monitor Your Employees' Web Use?
- Do You Need Employee Monitoring Application?
- Employee Monitoring Software: Do we need them?
Our Fortune 500