There’s a saying, ‘Guns don’t kill people, people do.’ So it is with riskware. ‘Riskware doesn’t hack people, people do.’ Riskware is the name given to legitimate software that can be used for hacking purposes if it is exploited by malicious hackers. Basically, any software that can remotely use the machine, delete, block or copy data, or disrupt networks could be a candidate for riskware.
More specifically, the following types of programs have been hijacked by hackers to aid and abet theft, spying and intrusion.
- Internet server programs, like FTP, telnet programs and proxy services.
- File downloaders
- Phone dialing programs
- IRC Chat programs
- Computer monitoring software
- Remote control/administration utilities
One example of riskware being used to steal information involves the program WinVNC. This program allows users to have full, remote access to the machine on which it is installed. Security researchers have found several examples of WinVNC being surreptitiously installed on machines and then being used to give the hacker full access to the machine, resulting in loss of data and theft.
So how do you ascertain whether a program is being used for good or bad? First and most obvious, ask yourself if you approved the installation of the program. If not, it was probably put there to exploit you. Second, look where the program is installed. If it’s not installed in the most obvious Windows application folder, it was likely injected and installed on your machine – to be used later – without your knowledge.
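The two checks above (was it approved, and is it where applications normally live) can be run over a software inventory. The following is an added example, not part of the original article; the approved list, the watch list of executable names, the sample paths and the choice of `C:\Program Files` folders as the "obvious" location are all assumptions made for illustration.

```python
from pathlib import PureWindowsPath

# Assumption: the "obvious" application folders on a default Windows install.
EXPECTED_ROOTS = [PureWindowsPath(r"C:\Program Files"),
                  PureWindowsPath(r"C:\Program Files (x86)")]
APPROVED = {"winvnc.exe"}  # hypothetical: tools the owner knowingly installed

# Constructed watch list: executable name -> riskware category from the list above.
RISKWARE = {
    "winvnc.exe": "remote control/administration",
    "mirc.exe": "IRC chat",
    "keymon.exe": "computer monitoring",
}

def in_expected_folder(path):
    """True if path sits under one of the expected application roots."""
    p = PureWindowsPath(path)
    # pathlib does not collapse "..", so reject it instead of trusting the prefix.
    return ".." not in p.parts and any(r in p.parents for r in EXPECTED_ROOTS)

def review(inventory, approved=APPROVED):
    """Apply both checks to each executable path; return the findings."""
    findings = []
    for path in inventory:
        name = PureWindowsPath(path).name.lower()
        category = RISKWARE.get(name)
        if category is None:
            continue  # not a riskware-class program
        reasons = []
        if name not in approved:
            reasons.append("not approved")
        if not in_expected_folder(path):
            reasons.append("unexpected location")
        if reasons:
            findings.append((path, category, reasons))
    return findings

# Constructed sample inventory of installed executables.
SAMPLE = [
    r"C:\Program Files\VNC\WinVNC.exe",            # approved, expected folder
    r"C:\Users\alice\AppData\Roaming\winvnc.exe",  # approved name, odd location
    r"C:\Program Files (x86)\mIRC\mirc.exe",       # expected folder, never approved
    r"C:\Windows\Temp\keymon.exe",                 # fails both checks
    r"C:\Program Files\Editor\notepadx.exe",       # not riskware-class
]

if __name__ == "__main__":
    for path, category, reasons in review(SAMPLE):
        print(f"{path} [{category}]: {', '.join(reasons)}")
```

A copy of an approved tool running from a user profile or temp folder is still flagged, which matches the WinVNC case described earlier: the program is legitimate, but the installation is not.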
A current antivirus program can help detect riskware.