Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Integrity Clientless Security (ICS) Update 3.7.231.0

Subscribe

Check Point Reference: CPAI-2008-083
Date Published:
Severity:
Source: SmartDefense Research Center
Protection Provided by: Connectra
  • NGX R62
  • NGX R61
  • NGX
Who is Vulnerable?
Microsoft Windows clients
Vulnerability Description
Check Point Integrity ™ Clientless Security (ICS) protects your Web site by detecting and disabling spyware processes and allowing you to enforce security policies before a user logs onto your network. Using ICS you can prevent users with potentially harmful software from accessing your Web site, and also require that they conform to your antivirus and critical patch policies.

Integrity Clientless Security requires no pre-installed software on endpoint computers, except a supported browser. The scan is performed by an ActiveX component deployed from your Web server to each endpoint computer that requests access.

88 new malware signatures were added to ICS version 3.7.231.0. For a full list of the added malware, refer to the Details tab.
Vulnerability Details
ICS Update 3.7.231.0 includes 88 new malware patterns:

 Win32.Adware.ADSTechno.A.1
 Win32.Adware.Agent.40960.E
 Win32.AdWare.BHO.ar
 Win32.Adware.Casino.AA.2
 Win32.Adware.NavHelper
 Win32.Adware.PigSearch.D
 Win32.Adware.Superjuan.bgi
 Win32.Adware.Virtumonde.qxn
 Win32.Adware.Virtumonde.trz
 Win32.Adware.WSB.b
 Win32.Application.Freejoiner.A
 Win32.Backdoor.Agent.ejx
 Win32.Backdoor.Bifrose.cnx
 Win32.Backdoor.Bot.16127
 Win32.BackDoor.Generic.1484
 Win32.Backdoor.Generic.49825
 Win32.Backdoor.Popwin.aws
 Win32.Backdoor.Server.Bifrose.ZXE.99
 Win32.Backdoor.Server.Poisonivy.J.23
 Win32.Backdoor.Turkojan.jv
 Win32.Dialer.Generic.20069
 Win32.Downloader.Agent.dpc
 Win32.Downloader.Agent.SUJ
 Win32.Downloader.Banload.mam
 Win32.Downloader.Zlob.lps.2
 Win32.Exploit.Agent.bo
 Win32.Generic.Malware.P.Yd.dldPk
 Win32.PcMir
 Win32.Rootkit.Agent.DU
 Win32.Spyware.Tool.Downlo.P.1
 Win32.Super_Kill
 Win32.Trojan.Agent.1024.230
 Win32.Trojan.Agent.1024.269
 Win32.Trojan.Agent.14880.15
 Win32.Trojan.Agent.24096.10
 Win32.Trojan.Agent.3798
 Win32.Trojan.Agent.4096.212
 Win32.Trojan.Agent.45056.138
 Win32.Trojan.Agent.49152.125
 Win32.Trojan.Crypt.Delf.G.20
 Win32.Trojan.Delf.HX.2
 Win32.Trojan.Delf.Inject.S.56
 Win32.Trojan.Delf.Inject.S.69
 Win32.Trojan.Delf.Inject.Z
 Win32.Trojan.Downloader.Banload.zc
 Win32.Trojan.Dropper.Agent.40448
 Win32.Trojan.Dropper.Agent.qpi.1
 Win32.Trojan.Dropper.Cutwail.O.10
 Win32.Trojan.Dropper.VB.A.57
 Win32.Trojan.Generic.180681
 Win32.Trojan.Haxdoor.22
 Win32.Trojan.Injector.AQ.97
 Win32.Trojan.KillAV.cv
 Win32.Trojan.MulDrop.6133
 Win32.Trojan.Packed.41
 Win32.Trojan.Patch.F.62
 Win32.Trojan.Peed.A.447
 Win32.Trojan.Peed.IIG.2
 Win32.Trojan.PPDoor.2
 Win32.Trojan.PSW.Agent.RZZ.3
 Win32.Trojan.PSW.OnlineGames.abht.3
 Win32.Trojan.PSW.OnlineGames.ajsq
 Win32.Trojan.PSW.OnlineGames.akug
 Win32.Trojan.PSW.OnlineGames.NVI.121
 Win32.Trojan.PSW.OnlineGames.NVI.138
 Win32.Trojan.PSW.OnlineGames.NVI.165
 Win32.Trojan.PSW.OnlineGames.NVI.168
 Win32.Trojan.PSW.OnlineGames.NVI.175
 Win32.Trojan.PSW.OnlineGames.NVI.177
 Win32.Trojan.PSW.OnlineGames.NVI.178
 Win32.Trojan.PSW.OnlineGames.NVI.189
 Win32.Trojan.PSW.OnlineGames.WNY
 Win32.Trojan.Qhost.LY.112
 Win32.Trojan.Shutdowner.FK
 Win32.Trojan.Spy.Agent.NPM
 Win32.Trojan.Spy.Banker.AATZ
 Win32.Trojan.Spy.Pophot.C.2
 Win32.Trojan.Trash.Gen
 Win32.Trojan.Vundo.elz.1
 Win32.Trojan.Winbomb
 Win32.Trojan.Yspy
 Win32.Trojan.Zlob.5294
 Win32.Trojan.Zlob.5552
 Win32.Virut.AL
 Win32.Worm.Downloader.lq
 Win32.Worm.IrcBot.482304
 Win32.Worm.Mytob.FZ
 Win32.Worm.Spybot.BJQ

Protection Overview
The Update adds 88 new malware signatures, detecting threats posed by malware types such as worms, Trojan horses, hacker's tools, key loggers, browser plug-ins, Adwares, third party cookies, and so forth.

To configure the defense, select your product from the list below and follow the related protection steps.

Additional Information
Zone Labs Spyware Information Center

Connectra NGX R62

How Can I Protect My Network?
Update version for Connectra NGX R62: 692080616

To update your Integrity Clientless Security (ICS) component:

1. On the navigation tree, click Security > SmartDefense Updates.
2. In the Download updated content pane, enter your credentials and check Update Integrity Clientless Security.
3. Click Download Updates.
4. Install security policy. 

How Do I Know if My Network is Under Attack?
Users Of Connectra NGX R62 who have updated their machines will identify logs such as the following (example only, malware name varies by malware detected):

Malware Type: 3rd party cookie
Malware Name: Win32.Worm.IrcBot.482304

Connectra NGX R61

How Can I Protect My Network?
Update version for Connectra NGX R61: 692080616

To update your Integrity Clientless Security (ICS) component:

1. On the navigation tree, click Security > SmartDefense Updates.
2. In the Download updated content pane, enter your credentials and check Update Integrity Clientless Security and Integrity Secure Workspace.
3. Click Download Updates.
4. Install security policy. 

How Do I Know if My Network is Under Attack?
Users Of Connectra NGX R61 who have updated their machines will identify logs such as the following (example only, malware name varies by malware detected):

Malware Type: 3rd party cookie
Malware Name: Win32.Worm.IrcBot.482304

Connectra NGX R60

How Can I Protect My Network?
Update version for Connectra NGX: 691080616

For instructions on how to update your SmartDefense Service including your Integrity Clientless Security component, please refer to CPSA-2005-11

How Do I Know if My Network is Under Attack?
Users Of Connectra NGX who have updated their Connectra machines will identify logs such as the following (example only, malware name varies by malware detected):

Malware Type: 3rd party cookie
Malware Name: Win32.Worm.IrcBot.482304