Detect date: 10/25/2014
Class: RemoteAdmin
Platform: Win32

Parent class: Riskware

Riskware covers legitimate programs (some of which are sold publicly and commonly used for legitimate purposes) that can cause damage when they fall into the hands of malicious users, who use them to delete, block, modify, or copy data, or to disrupt the performance of computers or networks. Programs in this class include remote administration utilities, IRC clients, dialer programs, file downloaders, software for monitoring computer activity, password management utilities, and numerous Internet server services such as FTP, web, proxy and telnet. These programs are not malicious in themselves, although they do have functions that can be used for malicious purposes.

For example, a remote administration program such as WinVNC provides access to the interface of a remote computer, which can then be controlled or monitored from another machine. This is how its functions are described on the developer’s official website:

VNC stands for Virtual Network Computing. It is remote control software which allows you to view and interact with one computer (the “server”) using a simple program (the “viewer”) on another computer anywhere on the Internet. The two computers don’t even have to be the same type, so for example you can use VNC to view an office Linux machine on your Windows PC at home. VNC is freely and publicly available and is in widespread active use by millions throughout industry, academia and privately.

This is a legitimate piece of software that is publicly available and a necessity for system administrators and other technical specialists. However, in the hands of malicious users, this program is capable of damaging user data; our Virus Lab has recorded incidents in which WinVNC was secretly installed in order to obtain full remote access to someone else’s computer.

Another example is the mIRC utility. This is an IRC network client that is also a legitimate program:

mIRC is a shareware IRC client for Windows. It is developed and copyrighted by Khaled Mardam-Bey. mIRC is a highly configurable IRC client with all the goodies other clients on UNIX, Macintosh and even on Windows offer, combined with a *nice* and clean user interface. mIRC offers full color text lines, DCC File Send and Get capabilities, programmable aliases, a remote commands and events handler, place sensitive popup menus, a great Switchbar, World Wide Web and sound support, and… a lot more. mIRC is shareware but not crippled in any way…

The extended features of mIRC can also be used by malicious users: our Virus Lab regularly identifies Trojan programs (backdoors, in particular) which use mIRC functions. Any IRC backdoor is capable of writing its own scripts to the mIRC configuration file and successfully delivering its malicious payload without the knowledge of the user. The mIRC user won’t even suspect that a Trojan is running on his computer.

Often, malicious programs install the mIRC client themselves for later malicious use. In such cases, mIRC is usually saved to the Windows folder and its subfolders. If mIRC is detected in these folders, it almost always means that the computer has been infected with some type of malicious program.

By default, the option to detect Riskware is disabled in Kaspersky Lab products. However, the user can always enable this option. Our opinion is that the user should make his/her own decision.

Class: RemoteAdmin

Programs in this category are used to remotely manage a computer, and are not malicious. However, they can be used with malicious intent to take total control of a victim machine. If a user has installed such a program on his/her computer, or if it was installed by a system administrator, then it does not pose any threat.


Platform: Win32

Win32 is an API on Windows NT-based operating systems (Windows XP, Windows 7, etc.) that supports execution of 32-bit applications. It is one of the most widespread programming platforms in the world.

Description

The Ammyy Admin software is designed for remote control of a computer. When installed by an intruder, it allows full control of a victim’s computer for harmful purposes.

Top 10 countries with most attacked users (% of total attacks)

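| Rank | Country | % of total attacks |
|------|---------|--------------------|
| 1 | Russian | 53.32% |
| 2 | Brazil | 15.00% |
| 3 | Italy | 4.84% |
| 4 | India | 3.39% |
| 5 | Turkey | 2.33% |
| 6 | Spain | 1.86% |
| 7 | Greece | 1.21% |
| 8 | Kazakhstan | 1.20% |
| 9 | Belarus | 0.97% |
| 10 | Romania | 0.9% |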
