Integrity Clientless Security (ICS) Update 3.7.89.0

Vulnerability
Protection

Check Point Reference:	CPAI-2006-068
Date Published:
Severity:
Last Updated:
Source:	SmartDefense Research Center
Protection Provided by:	Connectra NGX R61 NGX 2.0
Who is Vulnerable? Microsoft Windows clients
Vulnerability Description Check Point Integrity ™ Clientless Security (ICS) for Connectra prevents users with potentially harmful software from accessing your network and requires that they conform to the organizations antivirus and firewall policies. For more information, please refer to Connectra documentation and to ICS administration Guide. 106 new malware signatures were added to ICS version 3.7.89.0. For a full list of the added malware, refer to the Details tab.

Vulnerability Details
106 malware have been added to ICS update 3.7.89.0:
Win32.AdWare.180Solutions.af
Win32.AdWare.AdHelper.b
Win32.AdWare.AdHelper.i
Win32.AdWare.AdHelper.l
Win32.AdWare.Adstart.b
Win32.AdWare.Altnet.p
Win32.AdWare.BetterInternet.m
Win32.AdWare.BlogChina.i
Win32.AdWare.CashSpace.a
Win32.AdWare.Casino.d
Win32.AdWare.EZula.aj
Win32.AdWare.EZula.br
Win32.AdWare.FindSpy.a
Win32.AdWare.FunWeb.e
Win32.AdWare.Gator.4006
Win32.AdWare.HotBar.bh
Win32.Adware.Mirarbar
Win32.AdWare.NaviPromo.k
Win32.AdWare.PurityScan.do
Win32.AdWare.PurityScan.ds
Win32.AdWare.PurityScan.dt
Win32.AdWare.PurityScan.du
Win32.AdWare.PurityScan.dz
Win32.AdWare.PurityScan.w
Win32.AdWare.Rapid.a
Win32.AdWare.SafeSurfing.j
Win32.AdWare.ToolBar.ISearch.d
Win32.AdWare.ToolBat.EliteBar.z
Win32.AdWare.TotalVelocity.i
Win32.AdWare.TotalVelocity.k
Win32.AdWare.WebSearch.az
Win32.AdWare.WinAD.bf
Win32.AdWare.Wintol.af
Win32.BackDoor.CVM
Win32.Backdoor.Feardoor.c
Win32.Backdoor.IRCBot.es
Win32.Backdoor.LanControl.a
Win32.Backdoor.PcClient.py
Win32.Backdoor.Rbot.uf
Win32.Backdoor.SdBot.aoy
Win32.Backdoor.SdBot.lt
Win32.Backdoor.SdBot.zj
Win32.Dialer.Small.1
Win32.DownLoader.5206
Win32.Email.Flooder.Shadow.11
Win32.Email.Worm.Bagle.ch
Win32.Email.Worm.Eyeveg.g
Win32.Flooder.VB.cq
Win32.Hoax.Avgold.c
Win32.Hotbar
Win32.IM.Flooder.VB.eh
Win32.IM.Worm.Kelvir.b
Win32.Net.Worm.Bobic.b
Win32.Net.Worm.Dedler.m
Win32.Net.Worm.Mytob.t
Win32.Net.Worm.Shelp.a
Win32.Peflog.30
Win32.TClock
Win32.Trojan.Agent.p
Win32.Trojan.Agent.sk
Win32.Trojan.Bancos.gu
Win32.Trojan.Besysad.a
Win32.Trojan.Clicker.Agent.fb
Win32.Trojan.Clicker.Chimoz.a
Win32.Trojan.Clicker.Small.du
Win32.Trojan.DDoS.Boxed.z
Win32.Trojan.Dialer.pg
Win32.Trojan.DownLoader.4711
Win32.Trojan.Downloader.Agent.oa
Win32.Trojan.Downloader.Apher.gen
Win32.Trojan.Downloader.Delf.akf
Win32.Trojan.Downloader.Delf.akq
Win32.Trojan.Downloader.IstBar.er
Win32.Trojan.Downloader.PurityScan.ah
Win32.Trojan.Downloader.PurityScan.am
Win32.Trojan.Downloader.QQHelper.ah
Win32.Trojan.Downloader.QQHelper.au
Win32.Trojan.Downloader.Realtens.g
Win32.Trojan.Downloader.Realtens.h
Win32.Trojan.Downloader.Small.aak
Win32.Trojan.Downloader.Small.asu
Win32.Trojan.Downloader.Small.aui
Win32.Trojan.Downloader.Small.bnk
Win32.Trojan.Downloader.Small.dal
Win32.Trojan.Downloader.Small.fg
Win32.Trojan.Downloader.Small.wg
Win32.Trojan.Downloader.VB.aam
Win32.Trojan.Downloader.VB.fi
Win32.Trojan.Downloader.VB.nh
Win32.Trojan.Downloader.Vidlo.m
Win32.Trojan.Downloader.WinShow.ap
Win32.Trojan.Downloader.Wintool.e
Win32.Trojan.Downloader.Zlob.ot
Win32.Trojan.MulDrop.2135
Win32.Trojan.PSW.Delf.fj
Win32.Trojan.PSW.LdPinch.st
Win32.Trojan.RAdmin.2
Win32.Trojan.Scapur.i
Win32.Trojan.Spy.Agent.ex
Win32.Trojan.Spy.Banker.ant
Win32.Trojan.Spy.Banker.aov
Win32.Trojan.Spy.VB.eh
Win32.Trojan.StartPage.ey
Win32.W32Banker.RNO
Win32.Winad
WinFixer2005

Protection Overview
The Update adds 106 new malware signatures, detecting threats posed by malware types such as worms, Trojan horses, hacker's tools, key loggers, browser plug-ins, Adwares, third party cookies, and so forth.

To configure the defense, select your product from the list below and follow the related protection steps.

Connectra NGX R61

How Can I Protect My Network?
Update version for Connectra NGX R61: 692060626

To update your Integrity Clientless Security (ICS) component:

1. On the navigation tree, click Security > SmartDefense Updates.
2. In the Download updated content pane, enter your credentials and check Update Integrity Clientless Security and Integrity Secure Workspace.
3. Click Download Updates.
4. Install security policy.

How Do I Know if My Network is Under Attack?
Users Of Connectra NGX R61 who have updated their Connectra machines will identify logs such as the following (example only, malware name varies by malware detected):

Malware type: 3rd party cookie
Malware name: Win32.AdWare.CashSpace.a

Connectra NGX

How Can I Protect My Network?
Users of Connectra NGX can update their Integrity Clientless Security (ICS) component.

Update version for Connectra NGX: 691060626

For instructions on how to update your SmartDefense Service including your Integrity Clientless Security component, please refer to CPSA-2005-11.

How Do I Know if My Network is Under Attack?
Users Of Connectra NGX who have updated their Connectra machines will identify logs such as the following (example only, malware name varies by malware detected):

Malware type: 3rd party cookie
Malware name: Win32.AdWare.CashSpace.a

Connectra 2.0

How Can I Protect My Network?
Users of Connectra 2.0 can update their Integrity Clientless Security (ICS) component.

Update version for Connectra 2.0: 690060626

For instructions on how to update your SmartDefense Service including your Integrity Clientless Security component, please refer to CPSA-2005-11.

How Do I Know if My Network is Under Attack?
Users Of Connectra 2.0 who have updated their Connectra machines will identify logs such as the following (example only, malware name varies by malware detected):

Malware type: 3rd party cookie
Malware name: Win32.AdWare.CashSpace.a

Legal Notice for Threat Center Advisories