Riskware – a thin line between benign and malicious programs
Programming can be used for good and for bad purposes. We can write software whose sole purpose is to cause harm, or we can be developers whose aim is to make things better and easier. Nowadays we hear a lot about the first kind, malware, but what about riskware?
What is riskware at all?
There are some legitimate computer programs which can act as malware and cause damage if they are used by bad guys. It's like a gun. It matters who holds it and why. A gun is very dangerous in a killer's hand, but it's an effective tool for a police officer who wants to keep the peace.
An easily understood example of riskware: remote administration programs.
Benign program: if there's a problem on a customer's computer, sysadmins and helpdesks can easily find out what the problem is with the help of this software, which makes resolving it faster and easier.
Malware: if this program is installed on your computer without your knowledge, the bad guys will have remote access to your computer and can do whatever they want, without even having to infect the software itself.
Classification of Riskware
1. Spyware
Spyware is a legal "information stealer". It collects information and forwards it to a third party, mostly without your knowledge. This type of software is packaged as commercial software because those who buy and use it have physical access to, or own, the computer. Some examples:
Parents who’d like to monitor their child’s activity
In an office, where the employee’s activity is monitored
Schools, where the teachers can see what the students are doing
It's OK if the user is aware that spyware is present on the computer and that his/her browsing is captured. But as soon as it is used to collect data such as passwords, credit card numbers, PINs, email addresses, etc. for malicious purposes, we cannot call it a legitimate program anymore.
2. Adware
If we want to leave a website, we often see a pop-up saying: "Hey, don't go, here's a 50% voucher". Or if you'd like to buy a new mobile phone and look at one on a website, you'll see advertisements for that phone (or its accessories) almost everywhere on the web. Adware is behind all of these. It is a program which tracks browsing behaviour and uses the collected information for marketing purposes, for example delivering customised advertisements (e.g. an exit-intent pop-up) to you.
It's not necessarily harmful, but it has the potential to be. If a large number of pop-up ads appear in a user's browser, they can disrupt work or entertainment, slow down the computer's performance and even crash the entire system.
There's another way adware can be used for malicious purposes. It can redirect us to an unsafe site (e.g. a phishing site) and/or show us advertisements which contain a Trojan or spyware.
3. Hacker tools
Let's think of Nmap. System administrators can use it for mapping the network, searching for vulnerabilities, finding unauthorized servers on the network, scanning open ports, etc. But on the other hand, of course, it can be a weapon for black hat hackers. Those system admin tools which are used to cause harm are called hacker tools. By utilizing them, attackers can gain unauthorized access. A well-known hacker tool is the port scanner, which helps hackers find vulnerable points on your server.
4. Joke programs
It's like someone telling you an insulting joke. If you get it, there's no problem, but if you don't realise that it's just a joke, you can feel really bad. There are some programs which were created just for fun, but their effect on the user can be dangerous.
For example, such a program can display messages that make the user believe their computer is destroyed, so they decide to format the hard drive. If this happens on a critical system, or if the drive contains important data, the consequences can be significant.
Microsoft Sysinternals' Blue Screen of Death screensaver is riskware, too. Someone can believe that it's real, so the sysadmin will reboot the server. An unnecessary reboot can cause damage to the server.
Don’t be the victim of riskware!
BitNinja can identify malicious attempts, and our modules (mostly the WAF, Malware Detection and Port Honeypot) offer proactive protection against suspicious riskware.
Also, if you download software or a file, make sure it's from a reputable website and read the Terms of Service agreement.
Source: Christopher C. Elisan - Malware, Rootkits & Botnets: A Beginner's Guide