
Integrity Clientless Security (ICS) Update 3.7.67.0


Check Point Reference: CPAI-2006-022
Date Published:
Severity:
Last Updated:
Source: SmartDefense Research Center
Protection Provided by: Connectra
  • NGX
  • 2.0
Who is Vulnerable?
Microsoft Windows clients
Vulnerability Description
Check Point Integrity™ Clientless Security (ICS) for Connectra prevents users with potentially harmful software from accessing your network and requires that they conform to the organization's antivirus and firewall policies. For more information, please refer to the Connectra documentation and to the ICS Administration Guide.

167 new malware signatures were added to ICS version 3.7.67.0. For a full list of the added malware, refer to the Details section (SmartDefense Services subscription required).
Vulnerability Details
The following malware signatures were added in ICS update 3.7.67.0:

Win32.Win95.CIH.1003.b 
Win32.Trojan.KillProc.d 
Win32.Trojan.Dropper.Small.wl 
Trojan-Spy.Win32.Agent.ig 
Win32.Trojan.PSW.Lmir.add 
Win32.Backdoor.VB.df 
Win32.MalwareScope.Downloader.Small.1 
Win32.HLLW.Ronoper.k 
Win32.Trojan.Agent.bi - service
Win32.Trojan.Clicker.Axec 
Win32.HackTool.Hucline 
Win32.Dropper.Worm.Bagle.ai 
Win32.Trojan.MailSpam 
Win32.Trojan.Puper.a 
Win32.Trojan.PSW.Lmir.xe 
Win32.TrojanSpy.Small.i 
Win32.TrojanDownloader.Dluca 
Win32.Trojan.Perflog 
Win32.Oscar 
Win32.Trojan.Dropper.PVStealth.b 
Win32.Trojan.Golid.f 
Win32.BO2k 
Win32.Win95.Marburg.5793 
Win32.P2P.Worm.Tibick.f 
Win32.Nuker.DccFuker.12 
Win32.Trojan.PSW.Lmir.aa 
Win32.Worm.Fasong.a - service
Win32.Win95.Dupator.1503 
Win32.Trojan.PSW.Lmir.mx 
Win32.Backdoor.Small.cn 
Win32.Trojan.PSW.Lmir.ob 
Win32.Virus.HLLP.Lmir.a 
Win32.Trojan.PSW.Lmir.oa 
Trojan.Downloader.Win32.Banload.kk 
Network Monitor 
Win32.Backdoor.Pahador 
Win32.TrojanDropper.Small.hs 
Win32.BOrifice.10 
Win32.Dialer.Salc 
Win32.Backdoor.VB.gx 
Win32.BioNet.403 ID2744
Win32.Trojan.PSW.Lmir.gk ID2761
Win32.Trojan.PSW.QQRob.15 ID2790
Win32.P2P.Worm.Licia.10 ID2698
Win32.Trojan.Small.ae ID2831
Win32.Trojan.Downloader.1622 ID2851
Win32.Trojan.Spy.Agent.s ID2754
Win32.MalwareScope.Downloader.Harnig.1 ID2717
Backdoor.Win32.SdBot.aku ID2742
Backdoor.Win32.Drat.130 ID2846
Win32.MalwareScope.Trojan.Spy.Banker.1 ID2718
Win32.Trojan.Spy.KeyLogger.d ID2835
Win32.Trojan.IM.Ikmet.b ID2855
Win32.Backdoor.Rbot.aaq ID2743
Win32.Trojan.Spy.Agent.bo ID2792
Win32.Trojan.Spy.Bancos.u ID2832
Win32.Trojan.Notifier.Small.d ID2819
Win32.TrojanDropper.Fearless ID2796
Win32.TrojanSpy.SilentLog ID2799
Win32.Worm.Bagle.z.dr ID2756
Win32.Trojan.Dropper.Delf.c ID2814
Win32.Trojan.Spy.Banker.ea ID2834
Win32.TrojanSpy.Qukart ID2843
Backdoor.Win32.SdBot.akc ID2699
Win32.Trojan.Crypt.d ID2733
Win32.Trojan.PSW.QQDragon.t ID2762
Win32.Backdoor.VB.gy ID2771
Win32.Win95.CIH.1019 ID2857
Win32.DDick.153 ID2759
Win32.HLLW.Bagz.c ID2728 - service
Win32.PurityScan.br ID2780
Win32.DownLoader.937 ID2711
Win32.Backdoor.VB.ln ID2691
Win32.Backdoor.Harvester.10 ID2767
Win32.TrojanSpy.GWGhost.r ID2842
Win32.HLLW.MyBot.based ID2807
Win32.Magistr.34326 ID2778
Backdoor.Win32.Agobot.ada ID2803
Win32.Win95.HPS.5124 ID2801
Win32.PWS.GoldSpy ID2809
Win32.Flooder.UDP.20 ID2776
Win32.Trojan.TopAntiSpyware.j ID2837
Win32.Trojan.Proxy.Ranky.ca ID2821
Win32.PWS.Legmir ID2695
Win32.PWS.Haxspy ID2810
Win32.HLLW.SoftSix.b ID2715
Win32.Net.Worm.Padobot.h ID2694
Win32.Trojan.PSW.Lmir.ny ID2826
Win32.Trojan.PSW.QQPass.as ID2828
Win32.Trojan.PSW.TFC ID2791
Win32.Trojan.PSW.Delf.bz ID2785
Win32.HLLW.Nimda.57344 ID2714
Win32.TrojanDropper.ExeBundle.286 ID2840
Win32.Backdoor.DSNX.0_4_b ID2766
Win32.Trojan.Dropper.Agent.ce ID2783
Win32.Trojan.VB.qx ID2838
Win32.Backdoor.RCServ.h ID2705
Win32.Backdoor.Death.25.i ID2765
Win32.Space.1445 ID2811
Win32.PWS.QQDragon ID2781
Win32.Trojan.Peflog.147 ID2820
Win32.Backdoor.Xtcp.200 ID2707
Win32.Backdoor.Rbot.aju ID2805
Win32.HLLW.Ghostbot ID2692
Win32.TrojanDropper.EliteWrap.103 ID2839
Win32.Xoralda.2048 ID2741
Win32.Trojan.LowZones.g ID2817
Win32.Trojan.PSW.Lmir.o ID2787   
Win32.Trojan.Dropper.Small.aan ID2760
Win32.Trojan.DownLoader.5226 ID2735
Win32.Backdoor.Agobot.hl ID2700
Backdoor.Win32.Rbot.aih ID2757
Win32.Trojan.PWS.QQSender ID2697
Win32.Bau ID2772
Win32.DownLoader.2711 ID2849
Win32.Trojan.PSW.Lmir.lo ID2824
Win32.Flooder.Xexe ID2747
Win32.Trojan.Dropper.Delf.jc ID2815
Win32.Virus.HLLP.Semisoft.i ID2739
Win32.Trojan.Spy.Qukart.w ID2794
Win32.TrojanDropper.ExeBind ID2795
Win32.Backdoor.Rbot.mq ID2704
Win32.Beast.206 ID2708
Win32.Trojan.PSW.M2.1_4 ID2789
Win32.Trojan.PSW.Delf.cp ID2751
Win32.Latinus ID2850
Win32.Trojan.PSW.QQCat.11 ID2753
Win32.Constructor.Macro.Moothie.c ID2709
Win32.Nuker.Vaite.10 ID2854
Win32.Backdoor.NetShadow.a ID2702
Win32.P2P.Worm.Tanked.14 ID2730
Win32.Dialer.Sporn ID2710
Win32.Backdoor.EvilBot ID2701
Win32.obrya ID2722
Win32.Trojan.Spy.Spav ID2763
Win32.Dropper.Bagle.ah ID2774
Win32.TrojanSpy.Delf.df ID2798
Win32.Trojan.Spy.Banker.ajn ID2833
Win32.Trojan.PWS.Banker.based ID2737
Win32.core205 ID2845
Win32.Trojan.Spy.GWGhost.j ID2793
Win32.ms1src ID2719
Win32.Backdoor.Delf.fl ID2727
Win32.TrojanDropper.Small.lf ID2841
Win32.TrojanDownloader.IstBar.ak ID2755
Win32.Trojan.PSW.Sagic.b ID2829
Win32.Nox.2346 ID2808
Win32.P2P.Worm.SdDrop.a ID2729
Win32.Trojan.PSW.Dripper ID2786
Win32.Worm.Lemoor.a ID2858
Win32.Trojan.Delf.fs ID2813
Win32.Email.Worm.Bropia.F ID2712
Win32.Silly.180 ID2724   
Win32.Trojan.PSW.Lineage.b ID2822
Win32.Backdoor.Outbreak.100.a ID2768 - service
Win32.Worm.P2P.Darby.o ID2844
Win32.Dropper.Worm.Bagle.af ID2775
Win32.Trojan.Delf.bz ID2734
Win32.BOrifice ID2745
Win32.Net.Worm.Padobot.n ID2720
Win32.MalwareScope.Dialer.NWMini.1 ID2716
Win32.Trojan.PSW.QQRob.12 ID2852
Win32.TR.Click.Small.DN.3 ID2732
Win32.Trojan.Spy.SCKeyLog.o ID2836
Trojan-Downloader.Win32.QDown.m ID2847
Win32.HLLW.Mabutu.a ID2777
Win32.Backdoor.PcClient.hp ID2804

Protection Overview
The update adds 167 new malware signatures, detecting threats posed by malware types such as worms, Trojan horses, hacker tools, key loggers, browser plug-ins, adware, third-party cookies, and so forth.

To configure the defense, select your product from the list below and follow the related protection steps.

Additional Information
Zone Labs Spyware Information Center

Connectra NGX/2.0

How Can I Protect My Network?
Users of Connectra NGX/2.0 can update their Integrity Clientless Security (ICS) component.

Update version for Connectra NGX: 691060301
Update version for Connectra 2.0: 690060301

For instructions on how to update your SmartDefense Service including your Integrity Clientless Security component, please refer to CPSA-2005-11.

How Do I Know if My Network is Under Attack?
Users of Connectra NGX/2.0 who have updated their Connectra machines will see log entries such as the following (example only; the malware name varies by the malware detected):

Malware type: 3rd party cookie
Malware name: Win32.Trojan.MailSpam