Update Protections against Recent Malware Threats (7-Nov-07)
| Check Point Reference: | CPAI-2007-129 | |
| Date Published: | ||
| Severity: | ||
| Source: | http://www.spyany.com/program/article_ad_rm_NewDotNet.html http://www.spywareguide.com/spydet_2839_trojan_media_codec.html http://www.sophos.com/virusinfo/analyses/trojtrolla.html |
|
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Microsoft Windows clients | ||
| Vulnerability Description Malware is a software designed to infiltrate or damage a computer system without the owner's informed consent. It is a general name for a variety of forms of hostile, intrusive, or annoying programs like Viruses, worms, Adware, Trojans, and spyware that exploit unprotected clients, using network access to intrude upon organizations, destroying or stealing data. Spyware is computer software that is installed without the user's informed consent on a personal computer to intercept or take partial control over the user's interaction with the computer. Spyware programs can collect various types of personal information, install additional software, redirect Web browser activity, or divert advertising revenue to a third party. Adware is an advertising-supported software package which automatically plays, displays, or downloads advertising material to a computer after the software is installed on it or while the application is being used. A Trojan horse is a program that installs malicious software while under the guise of doing something else. Trojans are known for installing backdoor programs which allow unauthorized non permissible remote access to the victim's machine by unwanted parties with malicious intentions. |
||
|
Vulnerability Details The update includes new protections against 3 recent malware threats: Trojan: Troll - Troll is a downloader program which can be configured to fetch files from malicious URLs and save them to the Windows folder, System folder or temporary folder. The downloaded files will then be executed. It also sends a notification message to a an ICQ account when run. Trojan: Zlob Media - Zlob Media Codec is a downloader Trojan that prompts users to upgrade to Windows Media Player to view adult oriented videos. However, Zlob actually downloads and installs additional malware on the user's machine. Upon installation, the browser settings may be altered with additional buttons installed on the Internet Explorer toolbar. Pop ups of unwanted advertisements and alert messages are displayed to scare users into purchasing these software. Spyware: New Net - New Net is a company that sells domain names for "non-standard" top-level domains. Upon installation of the software, other file sharing clients and other free downloads are bundled with it. It also hijacks the user's address bar and redirects all searches to another server where automatic updates may be downloaded without the user's consent. |
Protection Overview
The update enables the Header Rejection protection to detect and block the malware based on pre-defined header names.
In order for the protection to be activated, update your VPN-1/InterSpect product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.
Additional Information
The update released on November 7, 2007 includes the following protections:
Microsoft Windows Media Player Skin Parsing Vulnerability (MS07-047) CPAI-2007-102
MIT Kerberos kadmind RPC Library Buffer Overflow Vulnerability (CPAI-2007-126)
Sun Microsystems JRE Memory Exception Vulnerability (CPAI-2007-127)
Microsoft Windows MFC Library Heap Overflow Vulnerability (CPAI-2007-128)
Protections against Recent Malware Threats (CPAI-2007-129)