Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Integrity Clientless Security (ICS) Update 3.7.214.0

Subscribe

Check Point Reference: CPAI-2008-028
Date Published:
Severity:
Source: SmartDefense Research Center
Protection Provided by: Connectra
  • NGX R62
  • NGX R61
  • NGX
Who is Vulnerable?
Microsoft Windows clients
Vulnerability Description
Check Point Integrity ™ Clientless Security (ICS) protects your Web site by detecting and disabling spyware processes and allowing you to enforce security policies before a user logs onto your network. Using ICS you can prevent users with potentially harmful software from accessing your Web site, and also require that they conform to your antivirus and critical patch policies.

Integrity Clientless Security requires no pre-installed software on endpoint computers, except a supported browser. The scan is performed by an ActiveX component deployed from your Web server to each endpoint computer that requests access.

71 new malware signatures were added to ICS version 3.7.214.0. For a full list of the added malware, refer to the Details tab.
Vulnerability Details
ICS Update 3.7.214.0 includes 71 new malware patterns:

 Win32.Adware.AVSystemCare
 Win32.Backdoor.Agent.dpx
 Win32.Backdoor.Beizhu.462
 Win32.Backdoor.Ceckno.oa
 Win32.Backdoor.Hupigon.ZKC
 Win32.Backdoor.Hupigon.ZKD
 Win32.Backdoor.PcClient.aro
 Win32.Backdoor.SDBot.DFEC
 Win32.Backdoor.Sdbot.DFEO
 Win32.Backdoor.SDBot.DFEU
 Win32.Backdoor.SDBot.DFEW
 Win32.Backdoor.Small.cli
 Win32.Backdoor.VB.BMQ
 Win32.Backdoor.WinterLove.bb
 Win32.Downloader.WinFixer.cr
 Win32.Generic.Malware.SIdld
 Win32.Generic.Malware.sp
 Win32.Generic.Malware.SQ
 Win32.GTaskup
 Win32.Rootkit.Bagle.G
 Win32.TR.FURootkit
 Win32.Trojan.Agent.AGOS
 Win32.Trojan.Agent.AGPL
 Win32.Trojan.Agent.AGPR
 Win32.Trojan.Agent.AGPT
 Win32.Trojan.Agent.AGSI
 Win32.Trojan.Agent.BBO
 Win32.Trojan.Agent.CWA
 Win32.Trojan.Agent.ecf
 Win32.Trojan.Agent.efv
 Win32.Trojan.Agent.EGI
 Win32.Trojan.Agent.nk
 Win32.Trojan.Autorun.MJ
 Win32.Trojan.Bat.Agent.AW
 Win32.Trojan.Clicker.Agent.45
 Win32.Trojan.Delf.asz
 Win32.Trojan.Dropper.Small.aoj
 Win32.Trojan.Exploit.Dfind.F
 Win32.Trojan.FakeGina.a
 Win32.Trojan.Generic.46926
 Win32.Trojan.Generic.59259
 Win32.Trojan.Generic.78938
 Win32.Trojan.Inject.qf
 Win32.Trojan.Inject.sb
 Win32.Trojan.Ircbot.XH
 Win32.Trojan.MulDrop.2771
 Win32.Trojan.Netbus.A
 Win32.Trojan.Notifier.Delf.1
 Win32.Trojan.Obfuscated.IQ
 Win32.Trojan.Packed.2710
 Win32.Trojan.Packed.97
 Win32.Trojan.Peed.IUV
 Win32.Trojan.PSW.Legmir.2015
 Win32.Trojan.PSW.OnLineGames.mlf
 Win32.Trojan.PSW.OnLineGames.OOH
 Win32.Trojan.PSW.OnLineGames.ozk
 Win32.Trojan.PSW.OnLineGames.pfv
 Win32.Trojan.PSW.Wsgame.2387
 Win32.Trojan.PSW.YCH
 Win32.Trojan.Qhost.ly
 Win32.Trojan.Renos.NBJ
 Win32.Trojan.Spy.Banker.1539
 Win32.Trojan.Spy.Banker.AAHL
 Win32.Trojan.Spy.Banker.cag
 Win32.Trojan.Spy.Delf.NKJ
 Win32.Trojan.StartPage.AKG
 Win32.Trojan.Zlob.CDG
 Win32.W32.Virut.Gen.C.155
 Win32.Worm.Agent.U
 Win32.Worm.Autorun.GI
 Win32.Worm.Bizex

Protection Overview
The Update adds 71 new malware signatures, detecting threats posed by malware types such as worms, Trojan horses, hacker's tools, key loggers, browser plug-ins, Adwares, third party cookies, and so forth.

To configure the defense, select your product from the list below and follow the related protection steps.

Additional Information
Zone Labs Spyware Information Center

Connectra NGX R62

How Can I Protect My Network?
Update version for Connectra NGX R62: 692080312

To update your Integrity Clientless Security (ICS) component:

1. On the navigation tree, click Security > SmartDefense Updates.
2. In the Download updated content pane, enter your credentials and check Update Integrity Clientless Security.
3. Click Download Updates.
4. Install security policy. 

How Do I Know if My Network is Under Attack?
Users Of Connectra NGX R62 who have updated their machines will identify logs such as the following (example only, malware name varies by malware detected):

Malware Type: 3rd party cookie
Malware Name: Win32.Generic.Malware.sp

Connectra NGX R61

How Can I Protect My Network?
Update version for Connectra NGX R61: 692080312

To update your Integrity Clientless Security (ICS) component:

1. On the navigation tree, click Security > SmartDefense Updates.
2. In the Download updated content pane, enter your credentials and check Update Integrity Clientless Security and Integrity Secure Workspace.
3. Click Download Updates.
4. Install security policy. 

How Do I Know if My Network is Under Attack?
Users Of Connectra NGX R61 who have updated their machines will identify logs such as the following (example only, malware name varies by malware detected):

Malware Type: 3rd party cookie
Malware Name: Win32.Generic.Malware.sp

Connectra NGX R60

How Can I Protect My Network?
Update version for Connectra NGX: 691080312

For instructions on how to update your SmartDefense Service including your Integrity Clientless Security component, please refer to CPSA-2005-11

How Do I Know if My Network is Under Attack?
Users Of Connectra NGX who have updated their Connectra machines will identify logs such as the following (example only, malware name varies by malware detected):

Malware Type: 3rd party cookie
Malware Name: Win32.Generic.Malware.sp