
Integrity Clientless Security (ICS) Update 3.7.152.0

Check Point Reference: CPAI-2007-054
Date Published:
Severity:
Source: SmartDefense Research Center
Protection Provided by: Connectra
  • NGX R62
  • NGX R61
  • NGX
  • 2.0
Who is Vulnerable?
Microsoft Windows clients
Vulnerability Description
Check Point Integrity™ Clientless Security (ICS) protects your Web site by detecting and disabling spyware processes and allowing you to enforce security policies before a user logs onto your network. Using ICS you can prevent users with potentially harmful software from accessing your Web site, and also require that they conform to your antivirus and critical patch policies.

Integrity Clientless Security requires no pre-installed software on endpoint computers, except a supported browser. The scan is performed by an ActiveX component deployed from your Web server to each endpoint computer that requests access.
 
192 new malware signatures were added to ICS version 3.7.152.0. For a full list of the added malware, refer to the Details tab.
Vulnerability Details
ICS Update 3.7.152.0 includes 192 new malware patterns:

 Win32.2603d.win32.trojan-spy.bancos.zm
 Win32.2f391.win32.generic.1089
 Win32.AdWare.Casino.y
 Win32.AdWare.NewWeb.l
 Win32.AdWare.SurfSide.ax
 Win32.Backdoor.Agent.amr
 Win32.Backdoor.Antilam.14.i
 Win32.Backdoor.Beastdoor.200.d
 Win32.Backdoor.BO.Client.Deep
 Win32.Backdoor.Ciadoor.11.a
 Win32.BackDoor.Generic.1401
 Win32.Backdoor.Hupigon.bqf
 Win32.Backdoor.Hupigon.brc
 Win32.Backdoor.Hupigon.ejr
 Win32.Backdoor.Hupigon.fb
 Win32.Backdoor.IRCBot.zx
 Win32.Backdoor.Krass
 Win32.Backdoor.Nirvana.196
 Win32.BackDoor.NX
 Win32.BackDoor.Pigeon.194
 Win32.Backdoor.Prosiak.0_47
 Win32.Backdoor.Rbot.axw
 Win32.Backdoor.SdBot.beb
 Win32.Backdoor.SheepGoat.10.b
 Win32.Backdoor.Small.hv
 Win32.Backdoor.Small.na
 Win32.Backdoor.SubSeven.21.c
 Win32.Backdoor.SubSeven.2_0
 Win32.Backdoor.VB.aya
 Win32.Backdoor.VB.gw
 Win32.BackDoor.VO
 Win32.BackDoor.WinFire.12
 Win32.Backdoor.Wisdoor.n
 Win32.BAT.FromatC.2
 Win32.DDoS.Rincux
 Win32.Dialer.840
 Win32.Dialer.PlayGames
 Win32.DoS.BlueRain
 Win32.DoS.Vaite.10
 Win32.Downloader.AUL
 Win32.Downloader.Harnig.12
 Win32.Email.Worm.Warezov.ka
 Win32.Exploit-DcomRpc.gen
 Win32.FDOS.MailBomber
 Win32.FDoS.MSN
 Win32.Generic.BackDoor.l
 Win32.Generic.Del.c
 Win32.HackTool.IPHack
 Win32.Hangping
 Win32.Hoax.Renos.hf
 Win32.IRC.Mykralor
 Win32.kavms
 Win32.Keylog.Dafunk
 Win32.KeyLogger.107
 Win32.LowZones.77
 Win32.Mywinpop
 Win32.Net.Worm.Mytob.f
 Win32.Nuke.Vai
 Win32.Nuker.Beer
 Win32.Nuker.Die.b
 Win32.OScope.Downloader.VB
 Win32.Packages
 Win32.Proxy.Agent.o
 Win32.PWS.BP
 Win32.PWS.JB
 Win32.PWS.Yahoo
 Win32.Rameh
 Win32.Spy.Agent.bq
 Win32.svchost32
 Win32.Trojan.Agent.afb
 Win32.Trojan.Agent.vz
 Win32.Trojan.AphexSniffer.10
 Win32.Trojan.Bancos.2039
 Win32.Trojan.Bertz
 Win32.Trojan.BHO.ai
 Win32.Trojan.Codbot.2
 Win32.Trojan.Delf.sx
 Win32.Trojan.Dialer.gp
 Win32.Trojan.DNSChanger.ip
 Win32.Trojan.Downloader.1289
 Win32.Trojan.DownLoader.19378
 Win32.Trojan.DownLoader.5013
 Win32.Trojan.Downloader.Adload.dm
 Win32.Trojan.Downloader.Adload.ig
 Win32.Trojan.Downloader.Agent.aax
 Win32.Trojan.Downloader.Agent.ber
 Win32.Trojan.Downloader.Agent.bfz
 Win32.Trojan.Downloader.Banload.1619
 Win32.Trojan.Downloader.Banload.1804
 Win32.Trojan.Downloader.Banload.1911
 Win32.Trojan.Downloader.Banload.bts
 Win32.Trojan.Downloader.Banload.buo
 Win32.Trojan.Downloader.Banload.bvj
 Win32.Trojan.Downloader.Banload.bvu
 Win32.Trojan.Downloader.Banload.bwc
 Win32.Trojan.Downloader.Banload.bwe
 Win32.Trojan.Downloader.Banload.bwn
 Win32.Trojan.Downloader.Banload.iz
 Win32.Trojan.Downloader.Banload.pa
 Win32.Trojan.Downloader.Banload.qt
 Win32.Trojan.Downloader.Banload.rq
 Win32.Trojan.Downloader.Banload.sh
 Win32.Trojan.Downloader.Delf.age
 Win32.Trojan.Downloader.Delf.bay
 Win32.Trojan.Downloader.PassAlert.v
 Win32.Trojan.Downloader.PromoCarto.5
 Win32.Trojan.Downloader.PurityScan.dx
 Win32.Trojan.Downloader.Small.1615
 Win32.Trojan.Downloader.Small.829
 Win32.Trojan.Downloader.Small.ng
 Win32.Trojan.Downloader.VBS.Iwill.a
 Win32.Trojan.Downloader.Zlob.bpw
 Win32.Trojan.Dropper.Agent.amg
 Win32.Trojan.Dropper.Agent.beu
 Win32.Trojan.Dropper.Agent.wf
 Win32.Trojan.Dropper.Agent.yt
 Win32.Trojan.Dropper.Delf.tx
 Win32.Trojan.Dropper.Delf.zd
 Win32.Trojan.Dropper.EliteWrap.104
 Win32.Trojan.Dropper.Juntador.e
 Win32.Trojan.Hupigon.1003
 Win32.Trojan.ICQFuer
 Win32.Trojan.ICQSnoofer
 Win32.Trojan.IRC.Kelebek.Q
 Win32.Trojan.Killav.75
 Win32.Trojan.MulDrop.996
 Win32.Trojan.Panic
 Win32.Trojan.Proxy.Dlena.cb
 Win32.Trojan.Proxy.Ranky.bn
 Win32.Trojan.PSW.Lineage.ue
 Win32.Trojan.PSW.Lineage.ul
 Win32.Trojan.PSW.MSNCookie
 Win32.Trojan.PSW.Nilage.bet
 Win32.Trojan.PSW.OnLineGames.dn
 Win32.Trojan.PSW.QQPass.pc
 Win32.Trojan.PSW.QQRob.318
 Win32.Trojan.PSW.VB.dn
 Win32.Trojan.PSW.WOW.pp
 Win32.Trojan.PSW.Yahoo.VB.h
 Win32.Trojan.PWS.Banker.6251
 Win32.Trojan.PWS.Legmir.694
 Win32.Trojan.PWS.Qqpass.336
 Win32.Trojan.Qhost.b
 Win32.Trojan.Spy.316
 Win32.Trojan.Spy.Banbra.nr
 Win32.Trojan.Spy.Bancos.ql
 Win32.Trojan.Spy.Bancos.rx
 Win32.Trojan.Spy.Banker.1524
 Win32.Trojan.Spy.Banker.arq
 Win32.Trojan.Spy.Banker.cht
 Win32.trojan.spy.banker.cmj
 Win32.Trojan.Spy.Delf.cr
 Win32.Trojan.Spy.Goldun.lg
 Win32.Trojan.Spy.Ksniff
 Win32.Trojan.Spy.Loverspy.E
 Win32.Trojan.Spy.PKeySpy.17
 Win32.Trojan.Spy.VB.cp
 Win32.Trojan.TrojanDownloader.VB.NHQ
 Win32.Trojan.VB.amd
 Win32.Trojan.VB.amy
 Win32.Trojan.VB.fp.Client
 Win32.Trojan.VBS.KillAV.O
 Win32.VirTool.IPacker.11
 Win32.Vport.11
 Win32.W32.52736
 Win32.W32Backdoor.Netbus
 Win32.W32Backdoor.StealthSpy
 Win32.W32Banker.QRB
 Win32.W32Banker.UQQ
 Win32.W32Caffain.A
 Win32.W32Dialer.DAN
 Win32.W32Downloader.AFGO
 Win32.W32Downloader.AHHV
 Win32.W32Downloader.ATZM
 Win32.W32Keylogger.I0pws
 Win32.W32KillAV.B
 Win32.W32Magistr.327680mm
 Win32.W32PWStealer.ALX
 Win32.W32PWStealer.AMM
 Win32.W32SubSeven.backdoor.v22a
 Win32.W32Trojan.ZI
 Win32.W32Virtool.LH
 Win32.W32Y3KRat.E
 Win32.WinampAgent
 Win32.Winsystem
 Win32.Worm.Delf.ag
 Win32.Worm.Klez.1
 Win32.Worm.Viking.fd
 Win32.Worm.Viking.fe
 Win32.Worm.Warezov.1
 Win32.Worm.Warezov.6
 Win32.Xmas

Protection Overview
The update adds 192 new malware signatures, detecting threats posed by malware types such as worms, Trojan horses, hacker tools, keyloggers, browser plug-ins, adware, third-party cookies, and so forth.

To configure the defense, select your product from the list below and follow the related protection steps.

Additional Information
Zone Labs Spyware Information Center

Connectra NGX R62

How Can I Protect My Network?
Update version for Connectra NGX R62: 692070425

To update your Integrity Clientless Security (ICS) component:

1. On the navigation tree, click Security > SmartDefense Updates.
2. In the Download updated content pane, enter your credentials and check Update Integrity Clientless Security.
3. Click Download Updates.
4. Install security policy. 

How Do I Know if My Network is Under Attack?
Users of Connectra NGX R62 who have updated their machines will see logs such as the following (example only; the malware name varies by the malware detected):

Malware Type: 3rd party cookie
Malware Name: Win32.AdWare.Casino.y

Connectra NGX R61

How Can I Protect My Network?
Update version for Connectra NGX R61: 692070425

To update your Integrity Clientless Security (ICS) component:

1. On the navigation tree, click Security > SmartDefense Updates.
2. In the Download updated content pane, enter your credentials and check Update Integrity Clientless Security and Integrity Secure Workspace.
3. Click Download Updates.
4. Install security policy. 

How Do I Know if My Network is Under Attack?
Users of Connectra NGX R61 who have updated their machines will see logs such as the following (example only; the malware name varies by the malware detected):

Malware Type: 3rd party cookie
Malware Name: Win32.AdWare.Casino.y

Connectra NGX R60

How Can I Protect My Network?
Update version for Connectra NGX: 691070425

For instructions on how to update your SmartDefense Service, including your Integrity Clientless Security component, please refer to CPSA-2005-11.

How Do I Know if My Network is Under Attack?
Users of Connectra NGX who have updated their Connectra machines will see logs such as the following (example only; the malware name varies by the malware detected):

Malware Type: 3rd party cookie
Malware Name: Win32.AdWare.Casino.y

Connectra 2.0

How Can I Protect My Network?
Update version for Connectra 2.0: 690070425

For instructions on how to update your SmartDefense Service, including your Integrity Clientless Security component, please refer to CPSA-2005-11.

How Do I Know if My Network is Under Attack?
Users of Connectra 2.0 who have updated their Connectra machines will see logs such as the following (example only; the malware name varies by the malware detected):

Malware Type: 3rd party cookie
Malware Name: Win32.AdWare.Casino.y