
Integrity Clientless Security (ICS) Update 3.7.201.0


Check Point Reference: CPAI-2008-007
Date Published:
Severity:
Source: SmartDefense Research Center
Protection Provided by: Connectra
  • NGX R62
  • NGX R61
  • NGX
Who is Vulnerable?
Microsoft Windows clients
Vulnerability Description
Check Point Integrity™ Clientless Security (ICS) protects your Web site by detecting and disabling spyware processes and allowing you to enforce security policies before a user logs onto your network. Using ICS you can prevent users with potentially harmful software from accessing your Web site, and also require that they conform to your antivirus and critical patch policies.

Integrity Clientless Security requires no pre-installed software on endpoint computers, except a supported browser. The scan is performed by an ActiveX component deployed from your Web server to each endpoint computer that requests access.
 
146 new malware signatures were added to ICS version 3.7.201.0. For a full list of the added malware, refer to the Details tab.
Vulnerability Details
ICS Update 3.7.201.0 includes 146 new malware patterns:

 Win32.371662L
 Win32.Adware.BHO
 Win32.Adware.Vapsup.jr
 Win32.Adware.Virtumonde.GGY
 Win32.Application.Aseye.AKR
 Win32.Backdoor.A.2_0
 Win32.Backdoor.Agent.cda
 Win32.Backdoor.Bot.3245
 Win32.Backdoor.Bot.3310
 Win32.Backdoor.Cmjspy.by
 Win32.Backdoor.Genlot.KQ
 Win32.Backdoor.Haxdoor.hs
 Win32.BackDoor.Hazz
 Win32.Backdoor.Hupigon.JHB
 Win32.Backdoor.Hupigon.nqr
 Win32.Backdoor.Hupigon.ZCH
 Win32.Backdoor.IRCBot.no
 Win32.Backdoor.JustFun
 Win32.Backdoor.Lory
 Win32.Backdoor.PcClient.ahz
 Win32.Backdoor.PcClient.et
 Win32.Backdoor.Rbot.cqb
 Win32.Backdoor.Rukap.j
 Win32.Backdoor.Sbot.21
 Win32.Dialer.159
 Win32.Email.Worm.Bagle.co
 Win32.Email.Worm.MyPics.g
 Win32.Email.Worm.Zhelatin.ec
 Win32.GameSetup
 Win32.Generic.Malware.Cdld
 Win32.Generic.Malware.E
 Win32.Generic.Malware.G.SI.Fg
 Win32.Generic.Malware.MPPkoe
 Win32.Generic.Malware.SE
 Win32.Generic.Malware.SFDYBdb
 Win32.Generic.Malware.SP.BdldPk.g
 Win32.Generic.Malware.SP.VPkWkg
 Win32.IM.Worm.Kelvir.er
 Win32.IRC.Backdoor
 Win32.lasys32
 Win32.lKNMTONi
 Win32.lrdnjqpz
 Win32.Net.Worm.Domwoot.c
 Win32.Net.Worm.Mytob.fj
 Win32.nhk
 Win32.owns soft
 Win32.Packer.Pohernah.A
 Win32.Program lies
 Win32.tfaw
 Win32.Trojan.Adload.MAS
 Win32.Trojan.Agent.1135
 Win32.Trojan.Agent.AFZR
 Win32.Trojan.Agent.AGBA
 Win32.Trojan.Agent.AGBS
 Win32.Trojan.Agent.bcj
 Win32.Trojan.Agent.JZ
 Win32.Trojan.Agent.lu
 Win32.Trojan.Agent.to
 Win32.Trojan.Clicker.Small.ig
 Win32.Trojan.Crypt.Nspm.EW
 Win32.Trojan.Delf.alw
 Win32.Trojan.Delf.anx
 Win32.Trojan.Delf.OUP
 Win32.Trojan.Dialer.ya
 Win32.Trojan.DNSchanger.166
 Win32.Trojan.Downloader.Agent.egv
 Win32.Trojan.Downloader.Banload.agj
 Win32.Trojan.Downloader.QQHelper.es
 Win32.Trojan.Downloader.Small.cvu
 Win32.Trojan.Dropper.2514
 Win32.Trojan.Dropper.Agent.aft
 Win32.Trojan.Dropper.Agent.jv
 Win32.Trojan.Dropper.Agent.zt
 Win32.Trojan.Dropper.Delf.68
 Win32.Trojan.Dropper.Delf.agp
 Win32.Trojan.Dropper.VB.dp
 Win32.Trojan.Flooder.D
 Win32.Trojan.Generic.58282
 Win32.Trojan.Generic.70051
 Win32.Trojan.Generic.71992
 Win32.Trojan.Generic.74520
 Win32.Trojan.Genlot.Dki.AA
 Win32.Trojan.Iroffer.25
 Win32.Trojan.Keylog.gm
 Win32.Trojan.KillFiles.fd
 Win32.Trojan.Kobcka.BG
 Win32.Trojan.Kobcka.BM
 Win32.Trojan.LowZones.6
 Win32.Trojan.Mybot.6792
 Win32.Trojan.Mybot.gen.126
 Win32.Trojan.OnLineGames.iat
 Win32.Trojan.Peed.IOR
 Win32.Trojan.Peed.IOV
 Win32.Trojan.Peed.IQG
 Win32.Trojan.Proxy.Agent.BAL
 Win32.Trojan.Proxy.Saturn.N
 Win32.Trojan.Proxy.Small.ef
 Win32.Trojan.PSW.Agent.rc
 Win32.Trojan.PSW.Delf.bal
 Win32.Trojan.PSW.Delf.kl
 Win32.Trojan.PSW.Hangame.ao
 Win32.Trojan.PSW.LDPinch.1358
 Win32.Trojan.PSW.LDPinch.AKW
 Win32.Trojan.PSW.LdPinch.bqv
 Win32.Trojan.PSW.Malpi
 Win32.Trojan.PSW.OnLineGames.htf
 Win32.Trojan.PSW.OnLineGames.ipo
 Win32.Trojan.PSW.OnLineGames.jgo
 Win32.Trojan.PSW.OnlineGames.NPF
 Win32.Trojan.PSW.QQShou.q
 Win32.Trojan.PSW.Small.dw
 Win32.Trojan.PWS.Maline
 Win32.Trojan.Spy.Agent.13
 Win32.Trojan.Spy.Agent.jn
 Win32.Trojan.Spy.Bancos.NIL
 Win32.Trojan.Spy.Bandra.5
 Win32.Trojan.Spy.Banker.2
 Win32.Trojan.Spy.Banker.2703
 Win32.Trojan.Spy.Banker.2911
 Win32.Trojan.Spy.Banker.3263
 Win32.Trojan.Spy.Banker.3267
 Win32.Trojan.Spy.Banker.559
 Win32.Trojan.Spy.Banker.AAAE
 Win32.Trojan.Spy.Banker.aui
 Win32.Trojan.Spy.Banker.axh
 Win32.Trojan.Spy.Banker.bhe
 Win32.Trojan.Spy.Banker.bwf
 Win32.Trojan.Spy.Banker.bwq
 Win32.Trojan.Spy.Spung.a
 Win32.Trojan.Srizbi.AI
 Win32.Trojan.StartPage.ail
 Win32.Trojan.TrojanDropper.Agent.YE
 Win32.Trojan.Vb.Small.F
 Win32.Trojan.Vundo.DRR
 Win32.Trojan.Vundo.DRU
 Win32.Trojan.Vundo.DRV
 Win32.Trojan.Vundo.DRY
 Win32.Trojan.Vundo.DRZ
 Win32.Trojan.Vundo.DSB
 Win32.Trojan.Vundo.DSC
 Win32.Trojan.Vundo.DSN
 Win32.Trojan.Vundo.DSS
 Win32.Trojan.Winspy.AS
 Win32.Virtool.358
 Win32.Virtool.675
 Win32.VirTool.BatCrypt.10

Protection Overview
The update adds 146 new malware signatures, detecting threats posed by malware types such as worms, Trojan horses, hacker tools, keyloggers, browser plug-ins, adware, third-party cookies, and so forth.

To configure the defense, select your product from the list below and follow the related protection steps.

Additional Information
Zone Labs Spyware Information Center

Connectra NGX R62

How Can I Protect My Network?
Update version for Connectra NGX R62: 692080110

To update your Integrity Clientless Security (ICS) component:

1. On the navigation tree, click Security > SmartDefense Updates.
2. In the Download updated content pane, enter your credentials and check Update Integrity Clientless Security.
3. Click Download Updates.
4. Install security policy. 

How Do I Know if My Network is Under Attack?
Users of Connectra NGX R62 who have updated their machines will see logs such as the following (example only; the malware name varies by malware detected):

Malware Type: 3rd party cookie
Malware Name: Win32.Backdoor.IRCBot.no

Connectra NGX R61

How Can I Protect My Network?
Update version for Connectra NGX R61: 692080110

To update your Integrity Clientless Security (ICS) component:

1. On the navigation tree, click Security > SmartDefense Updates.
2. In the Download updated content pane, enter your credentials and check Update Integrity Clientless Security and Integrity Secure Workspace.
3. Click Download Updates.
4. Install security policy. 

How Do I Know if My Network is Under Attack?
Users of Connectra NGX R61 who have updated their machines will see logs such as the following (example only; the malware name varies by malware detected):

Malware Type: 3rd party cookie
Malware Name: Win32.Backdoor.IRCBot.no

Connectra NGX R60

How Can I Protect My Network?
Update version for Connectra NGX: 691080109

For instructions on how to update your SmartDefense Service, including your Integrity Clientless Security component, please refer to CPSA-2005-11.

How Do I Know if My Network is Under Attack?
Users of Connectra NGX who have updated their Connectra machines will see logs such as the following (example only; the malware name varies by malware detected):

Malware Type: 3rd party cookie
Malware Name: Win32.Backdoor.IRCBot.no