Check Point Special Advisory
| Attack ID: | CPSA-2003-01 |
 |
|
| Publish Date: | |
|
|
| Category: | Special Advisory Worms and Viruses |
|
|
| Vulnerable Systems: | Any |
|
|
| Source: | Internal Research |
|
|
| Description: | The numbers of email and Point-to-Point (P2P) spread worms and viruses are rising. Check Point SmartDefense Advisory team identified an alarming number of email based worms that are able to spread across different mediums such as network shares (CIFS) and P2P applications such as KaZaA and ICQ. |
|
|
| Severity: | |
| Some of the latest worms are able to open back doors, launch Trojans, stop security applications and destroy computer systems. | |
| Details: | Virus authors are consistently looking for improved methods to spread their worms. Current and future infection methods contains SMTP (email) P2P (e.g. messaging applications) and Microsoft Networking protocols (CIFS). |
|
|
| Attack Detection: |
|
|
|
| Solution: | Check Point FireWall-1 / SmartDefense should be used in order to block worms and viruses according to different characteristics. FireWall-1 can block email messages that contains dangerous attachments, Allow authorized connections through Microsoft Networking and block P2P applications that are using port 80, which is usually open (for legitimate HTTP traffic) in order to traverse traditional firewalls. Recent SmartDefense advisories contain valuable information that would assist system administrators and security officers to militate against worms and viruses. Check Point customers are advised to follow the guidelines described at CPAI-2003-01 and CPAI-2003-02. As best practice, it is recommended to follow the following guidelines:
|
|
|
| Industry Reference: | |
|
|
| Additional Information: | |