Update Protection against The WebAttacker Spyware
| Check Point Reference: | CPAI-2006-083 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Sophos | |
| Industry Reference(s): | ||
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Microsoft Windows clients | ||
| Vulnerability Description WebAttacker is a spyware kit sold on a Russian website for $15. The kit includes scripts designed to make simpler the task of infecting computers: the buyer spams out a message to email addresses inviting them to visit a compromised website. Once the user enters the compromised website, The website attempts to download the malicious code remotely onto the user's PC by taking advantage of known web browser and operating system vulnerabilities. |
||
|
Update/Patch Available |
|
|
Vulnerability Details The Russian website makes the kits available for online purchase and offers technical support to its buyers. These kits explain how to lure users into visiting compromised websites. These sites contain JavaScript code that identifies the visiting computers browser version and operating system, including any installed patches, and launches the most appropriate exploit. The exploit downloads a program that attempts to turn off the firewall and install malware, generally a password stealer, keylogger or a banking Trojan. |
Protection Overview
The Update enables the HTTP Worm Catcher to detect and block the vulnerability based on pre-defined worm signatures.
To configure the defense, select your product from the list below and follow the related protection steps.
Additional Information
The update of July 13 includes the following protections:
WebAttacker Spyware Protection (CPAI-2006-083)
Geeklog Remote Code Execution Protection (CPAI-2006-084)
Cisco CallManager XSS Protection (CPAI-2006-085)
Plume CMS Manager Protection (CPAI-2006-086)
ASP.Net Information Disclosure Protection (MS06-033) - CPAI-2006-087
Spyware Installer malware Protection