Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Integrity Clientless Security (ICS) Update 3.7.166.0

Subscribe

Check Point Reference: CPAI-2007-080
Date Published:
Severity:
Source: SmartDefense Research Center
Protection Provided by: Connectra
  • NGX R62
  • NGX R61
  • NGX
  • 2.0
Who is Vulnerable?
Microsoft Windows clients
Vulnerability Description
Check Point Integrity ™ Clientless Security (ICS) protects your Web site by detecting and disabling spyware processes and allowing you to enforce security policies before a user logs onto your network. Using ICS you can prevent users with potentially harmful software from accessing your Web site, and also require that they conform to your antivirus and critical patch policies.

Integrity Clientless Security requires no pre-installed software on endpoint computers, except a supported browser. The scan is performed by an ActiveX component deployed from your Web server to each endpoint computer that requests access.
 
108 new malware signatures were added to ICS version 3.7.166.0. For a full list of the added malware, refer to the Details tab.
Vulnerability Details
ICS Update 3.7.166.0 includes 108 new malware patterns:

Actual Invisible Keylogger
Win32.Backdoor.Delf.tp
Win32.Backdoor.Hupigon.aan
Win32.Backdoor.Hupigon.adb
Win32.Backdoor.Hupigon.auj
Win32.Backdoor.Hupigon.avb
Win32.Backdoor.Hupigon.bke
Win32.Backdoor.Hupigon.bmp
Win32.Backdoor.Hupigon.bpv
Win32.Backdoor.Hupigon.caa
Win32.Backdoor.Rbot.ama
Win32.Backdoor.Rbot.amh
Win32.Backdoor.Rbot.amm
Win32.Backdoor.Rbot.anc
Win32.Backdoor.Rbot.aor
Win32.Backdoor.Rbot.aox
Win32.Backdoor.Rbot.apj
Win32.Backdoor.Rbot.apq
Win32.Backdoor.Rbot.asn
Win32.Backdoor.Rbot.ava
Win32.Backdoor.Rbot.axh
Win32.Backdoor.Rbot.ayi
Win32.Backdoor.Rbot.azc
Win32.Backdoor.Rbot.azn
Win32.Backdoor.Rbot.azr
Win32.Backdoor.Rbot.fx
Win32.Backdoor.Rbot.ga
Win32.Backdoor.Rbot.gi
Win32.Backdoor.Rbot.go
Win32.Backdoor.Rbot.gv
Win32.Backdoor.Rbot.ns
Win32.Backdoor.SdBot.ala
Win32.Email.Worm.Warezov.pa
Win32.Pigeon.46
Win32.sllserv
Win32.Trojan.Agent.akv
Win32.Trojan.Agent.dt
Win32.Trojan.Agent.gc
Win32.Trojan.Agent.ha
Win32.Trojan.Agent.hh
Win32.Trojan.Agent.iv
Win32.Trojan.Agent.mu
Win32.Trojan.Agent.of
Win32.Trojan.Clicker.Agent.ac
Win32.Trojan.Clicker.Agent.ek
Win32.Trojan.Clicker.Small.jx
Win32.Trojan.DDoS.Small.h
Win32.Trojan.Downloader.Adload.aa
Win32.Trojan.Downloader.Adload.g
Win32.Trojan.Downloader.Agent.bjo
Win32.Trojan.Downloader.Agent.j
Win32.Trojan.Downloader.Agent.rm
Win32.Trojan.Downloader.Agent.xq
Win32.Trojan.Downloader.Agent.yu
Win32.Trojan.Downloader.Agent.zl
Win32.Trojan.Downloader.Agent.zm
Win32.Trojan.Downloader.Murlo.ct
Win32.Trojan.Downloader.Small.amb
Win32.Trojan.Downloader.Small.anu
Win32.Trojan.Downloader.Small.awy
Win32.Trojan.Downloader.Small.bqk
Win32.Trojan.Downloader.Small.cem
Win32.Trojan.Downloader.Small.cfd
Win32.Trojan.Downloader.Small.chc
Win32.Trojan.Downloader.Small.cjw
Win32.Trojan.Downloader.Small.ckj
Win32.Trojan.Downloader.Small.crv
Win32.Trojan.Downloader.Small.cse
Win32.Trojan.Downloader.Small.csp
Win32.Trojan.Downloader.Small.did
Win32.Trojan.Downloader.Small.drf
Win32.Trojan.Downloader.Small.dwe
Win32.Trojan.Downloader.Small.ft
Win32.Trojan.Downloader.Zlob.amy
Win32.Trojan.Downloader.Zlob.ap
Win32.Trojan.Downloader.Zlob.bnb
Win32.Trojan.Downloader.Zlob.gi
Win32.Trojan.Downloader.Zlob.gx
Win32.Trojan.Downloader.Zlob.hh
Win32.Trojan.Downloader.Zlob.ig
Win32.Trojan.Downloader.Zlob.ir
Win32.Trojan.Downloader.Zlob.jd
Win32.Trojan.Downloader.Zlob.jj
Win32.Trojan.Dropper.Agent.aak
Win32.Trojan.Dropper.Agent.aen
Win32.Trojan.Dropper.Agent.pn
Win32.Trojan.Dropper.Agent.py
Win32.Trojan.Dropper.Agent.si
Win32.Trojan.Dropper.Agent.yq
Win32.Trojan.Dropper.Delf.ade
Win32.Trojan.Dropper.MultiJoiner.17
Win32.Trojan.Dropper.Small.aah
Win32.Trojan.Dropper.Small.aao
Win32.Trojan.Dropper.Small.afl
Win32.Trojan.Dropper.Small.alx
Win32.Trojan.Dropper.Small.aoa
Win32.Trojan.Dropper.Small.f
Win32.Trojan.Dropper.Small.gn
Win32.Trojan.Dropper.Small.tg
Win32.Trojan.Dropper.Small.zr
Win32.Trojan.Inject.bn
Win32.Trojan.NtRootKit.40
Win32.Trojan.Proxy.Small.ct
Win32.Trojan.Spy.DiabloKeys.10
Win32.Trojan.Spy.ProAgent.w
Win32.Trojan.Spy.Small.cw
Win32.Trojan.Virtumod
Win32.winpop

Protection Overview
The Update adds 108 new malware signatures, detecting threats posed by malware types such as worms, Trojan horses, hacker's tools, key loggers, browser plug-ins, Adwares, third party cookies, and so forth.

To configure the defense, select your product from the list below and follow the related protection steps.

Additional Information
Zone Labs Spyware Information Center

Connectra NGX R62

How Can I Protect My Network?
Update version for Connectra NGX R62: 692070717

To update your Integrity Clientless Security (ICS) component:

1. On the navigation tree, click Security > SmartDefense Updates.
2. In the Download updated content pane, enter your credentials and check Update Integrity Clientless Security.
3. Click Download Updates.
4. Install security policy. 

How Do I Know if My Network is Under Attack?
Users Of Connectra NGX R62 who have updated their machines will identify logs such as the following (example only, malware name varies by malware detected):

Malware Type: 3rd party cookie
Malware Name: Win32.Trojan.Dropper.Small.tg

Connectra NGX R61

How Can I Protect My Network?
Update version for Connectra NGX R61: 692070717

To update your Integrity Clientless Security (ICS) component:

1. On the navigation tree, click Security > SmartDefense Updates.
2. In the Download updated content pane, enter your credentials and check Update Integrity Clientless Security and Integrity Secure Workspace.
3. Click Download Updates.
4. Install security policy. 

How Do I Know if My Network is Under Attack?
Users Of Connectra NGX R61 who have updated their machines will identify logs such as the following (example only, malware name varies by malware detected):

Malware Type: 3rd party cookie
Malware Name: Win32.Trojan.Dropper.Small.tg

Connectra NGX R60

How Can I Protect My Network?
Update version for Connectra NGX: 691070717

For instructions on how to update your SmartDefense Service including your Integrity Clientless Security component, please refer to CPSA-2005-11

How Do I Know if My Network is Under Attack?
Users Of Connectra NGX who have updated their Connectra machines will identify logs such as the following (example only, malware name varies by malware detected):

Malware Type: 3rd party cookie
Malware Name: Win32.Trojan.Dropper.Small.tg

Connectra 2.0

How Can I Protect My Network?
Update version for Connectra 2.0: 690070717

For instructions on how to update your SmartDefense Service including your Integrity Clientless Security component, please refer to CPSA-2005-11

How Do I Know if My Network is Under Attack?
Users Of Connectra 2.0 who have updated their Connectra machines will identify logs such as the following (example only, malware name varies by malware detected):

Malware Type: 3rd party cookie
Malware Name: Win32.Trojan.Dropper.Small.tg