What is Riskware?

Riskware is the name given to legitimate programs that can cause damage if they are exploited by malicious users – in order to delete, block, modify or copy data, and disrupt the performance of computers or networks . Riskware can include the following types of programs that may be commonly used for legitimate purposes:

• Remote administration utilities
• IRC clients
• Dialer programs
• File downloaders
• Software for monitoring computer activity
• Password management utilities
• Internet server services – such as FTP, web, proxy and telnet

These programs are not designed to be malicious – but they do have functions that can be used for malicious purposes.

How Riskware can impact you

With so many legitimate programs that malicious users can employ for illicit purposes, it can be difficult for users to decide which programs represent a risk. For example, remote administration programs are often used by systems administrators and helpdesks for diagnosing and resolving problems that arise on a user’s computer. However, if such a program has been installed on your computer by a malicious user – without your knowledge – that user will have remote access to your computer. With full control over your machine, the malicious user will be able to use your computer in virtually any way they wish.

• Kaspersky Lab has recorded incidents in which legitimate, remote administration programs – such as WinVNC – have been secretly installed in order to obtain full remote access to a computer.
• In another example, the mIRC utility – which is a legitimate IRC network client – can be misused by malicious users. Trojan programs that use mIRC functions to deliver a malicious payload – without the knowledge of the user – are regularly identified by Kaspersky. Often, malicious programs will install the mIRC client for later malicious use. In such cases, mIRC is usually saved to the Windows folder and its subfolders. So, if mIRC is detected in these folders, it almost always means that the computer has been infected with a malicious program.

• Riskware can include any of the following behaviours:

  • Client-IRC
  • Client-P2P
  • Client-SMTP
  • Dialer
  • Downloader
  • Fraud Tool
  • Monitor
  • NetTool
  • PSWTool
  • RemoteAdmin
  • RiskTool
  • Server-FTP
  • Server-Proxy
  • Server-Telnet
  • Server-Web
  • WebToolbar

How to protect yourself against Riskware

Because there may be legitimate reasons why Riskware is present on your computer, antivirus solutions may not be able to determine whether a specific item of Riskware represents a threat to you. Kaspersky’s products let you decide whether you wish to detect and remove Riskware:

• Detecting and removing Riskware
  There can be many reasons why you suspect that a Riskware program, that has been detected by Kaspersky’s antivirus engine, is posing a threat. For example, if you didn’t consent to the installation of the program and you don’t know where the program came from, or if you’ve read a description of the program on Kaspersky’s website and you now have concerns over its safety. In such cases, Kaspersky’s antivirus software will help you to get rid of the Riskware program.
• Choosing not to detect Riskware
  For cases where Riskware programs are detected, but you’re confident that these are programs that you have consented to, you may decide that the Riskware programs are not harming your devices or data. Kaspersky products let you disable the option to detect these programs – or let you add specific programs to a list of exceptions – so that the antivirus engine doesn’t flag this Riskware as malicious.