Riskware – a thin line between benign and malicious programs
Eniko Toth


Programming can be used for good reasons and for bad ones. We can write software with the sole purpose of causing harm, or we can be developers whose aim is to make things better and easier. Nowadays we hear a lot about the first kind, malware, but what about riskware?

What is riskware at all?

There are legitimate computer programs which can act as malware and cause damage if they are used by the bad guys. It's like a gun: it matters who holds it and why. A gun is very dangerous in a killer's hand, but it's an effective tool for a police officer who wants to keep the peace.


An easily understood example of riskware: remote administration programs.

  • Benign program: if there's a problem on a customer's computer, sysadmins and helpdesks can quickly find out what the problem is with the help of this software, and it makes the resolution process faster and easier.

  • Malware: if the same program is installed on your computer without your knowledge, the bad guys have remote access to your computer and can do whatever they want, without even having to infect the software itself.

Classification of Riskware

1. Spyware

Spyware is a legal "information stealer". It collects information and forwards it to a third party, mostly without your knowledge. This type of software is packaged as commercial software because those who buy and use it own, or have physical access to, the computer. Some examples:


  • Parents who'd like to monitor their child's activity

  • Offices, where the employees' activity is monitored

  • Schools, where the teachers can see what the students are doing



It's OK if the user is aware that the spyware is on the computer and that their browsing is captured. But as soon as it is used to collect data such as passwords, credit card numbers, PIN numbers, email addresses, etc. for malicious purposes, we cannot call it a legitimate program anymore.


2. Adware

When we try to leave a website, we often see a pop-up saying: "Hey, don't go, here's a 50% voucher". Or if you'd like to buy a new mobile phone and look it up on a website, you'll see advertisements for that phone (or its accessories) almost everywhere on the web. Adware is behind all of this. It is a program which tracks your browsing behaviour and uses the collected information for marketing purposes, for example to deliver customised advertisements (e.g. an exit-intent pop-up) to you.

It's not necessarily harmful, but it has the potential to be. If a large number of pop-up ads appear in a user's browser, they can disrupt the user's work or entertainment, slow down the computer's performance and even crash the entire system.

There's another way adware can be used for malicious purposes. It can redirect us to an unsafe site (e.g. a phishing site) and/or show us advertisements which contain a Trojan or spyware.

3. Hacker tools

Let's think of Nmap. System administrators can use it for mapping the network, searching for vulnerabilities, finding unauthorized servers on the network, scanning open ports, etc. But on the other hand, it can of course be a weapon for black hat hackers. System admin tools that are used for causing harm are called hacker tools. By utilizing them, attackers can gain unauthorized access. A well-known hacker tool is the port scanner, which helps the hackers find vulnerable points on your server.
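Because a port scanner is the same program whether a sysadmin or an attacker runs it, the defender's job is to recognise the behaviour rather than the tool. The following script is an added example, not BitNinja's code: it assumes a netfilter-style firewall log format, uses constructed sample lines, and flags any source address that touches at least five distinct destination ports within one minute, while a client repeatedly visiting a single port is left alone.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines modelled on Linux netfilter LOG output (assumption);
# the addresses are from documentation ranges, not real hosts.
SAMPLE_LOG = """\
May 12 10:00:01 host kernel: IN=eth0 SRC=203.0.113.10 DST=198.51.100.5 PROTO=TCP DPT=22
May 12 10:00:02 host kernel: IN=eth0 SRC=203.0.113.10 DST=198.51.100.5 PROTO=TCP DPT=23
May 12 10:00:02 host kernel: IN=eth0 SRC=203.0.113.10 DST=198.51.100.5 PROTO=TCP DPT=80
May 12 10:00:03 host kernel: IN=eth0 SRC=203.0.113.10 DST=198.51.100.5 PROTO=TCP DPT=443
May 12 10:00:03 host kernel: IN=eth0 SRC=203.0.113.10 DST=198.51.100.5 PROTO=TCP DPT=3306
May 12 10:00:04 host kernel: IN=eth0 SRC=203.0.113.10 DST=198.51.100.5 PROTO=TCP DPT=8080
May 12 10:00:05 host kernel: IN=eth0 SRC=192.0.2.7 DST=198.51.100.5 PROTO=TCP DPT=443
May 12 10:00:40 host kernel: IN=eth0 SRC=192.0.2.7 DST=198.51.100.5 PROTO=TCP DPT=443
May 12 10:05:00 host kernel: IN=eth0 SRC=203.0.113.10 DST=198.51.100.5 PROTO=TCP DPT=22
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) .*SRC=(?P<src>[\d.]+) .*DPT=(?P<dpt>\d+)"
)

def parse_line(line, year=2018):
    """Return (timestamp, source_ip, destination_port), or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["src"], int(m["dpt"])

def find_scanners(log_text, window_seconds=60, min_ports=5):
    """Map source IP -> largest number of distinct ports it touched inside any
    window_seconds span, keeping only sources that reached at least min_ports."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            ts, src, dpt = parsed
            events[src].append((ts, dpt))
    flagged = {}
    for src, hits in events.items():
        hits.sort()  # the sliding window below needs time order
        left = 0
        for right in range(len(hits)):
            while (hits[right][0] - hits[left][0]).total_seconds() > window_seconds:
                left += 1  # drop hits that fell out of the window
            ports = {p for _, p in hits[left:right + 1]}
            if len(ports) >= min_ports:
                flagged[src] = max(flagged.get(src, 0), len(ports))
    return flagged
```

Tune `window_seconds` and `min_ports` to your own traffic; a port honeypot answering on unused ports gives this kind of check a much cleaner signal, since legitimate clients never touch those ports.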

4. Joke

It's like someone telling you an insulting joke. If you get it, there's no problem, but if you don't realise that it's just a joke, you can feel really bad. Some programs were created just for fun, but their effect on the user can be dangerous.

For example, a joke program can display messages that make the user believe their computer is destroyed, so they decide to format the hard drive. If this happens on a critical system or if the drive contains important data, the consequences can be significant.

Microsoft Sysinternals' Blue Screen of Death screensaver is riskware, too. Someone can believe it's real, so the sysadmin reboots the server. An unnecessary reboot can cause damage on the server.

Don’t be the victim of riskware!

BitNinja can identify malicious attempts, and our modules (mostly the WAF, Malware Detection and Port Honeypot) offer proactive protection against suspicious riskware.

Also, if you download software or a file, make sure it's from a reputable website and read the Terms of Service agreement.

Stay safe!

Source: Christopher C. Elisan, Malware, Rootkits & Botnets: A Beginner's Guide


