Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Integrity Clientless Security (ICS) Update 3.7.205.0

Subscribe

Check Point Reference: CPAI-2008-016
Date Published:
Severity:
Source: SmartDefense Research Center
Protection Provided by: Connectra
  • NGX R62
  • NGX R61
  • NGX
Who is Vulnerable?
Microsoft Windows clients
Vulnerability Description
Check Point Integrity ™ Clientless Security (ICS) protects your Web site by detecting and disabling spyware processes and allowing you to enforce security policies before a user logs onto your network. Using ICS you can prevent users with potentially harmful software from accessing your Web site, and also require that they conform to your antivirus and critical patch policies.

Integrity Clientless Security requires no pre-installed software on endpoint computers, except a supported browser. The scan is performed by an ActiveX component deployed from your Web server to each endpoint computer that requests access.
 
89 new malware signatures were added to ICS version 3.7.205.0. For a full list of the added malware, refer to the Details tab.
Vulnerability Details
 ICS Update 3.7.205.0 includes 89 new malware patterns:

 Win32.AdWare.InterKey
 Win32.Adware.Safeguardprotect.A
 Win32.Adware.Virtumonde.GGA
 Win32.Application.Aseye.BEX
 Win32.Backdoor.Agent.fl
 Win32.Backdoor.Agent.ZAM
 Win32.Backdoor.Agent.ZAR
 Win32.Backdoor.Delf.TN
 Win32.BackDoor.Generic.1214
 Win32.Backdoor.Hupigon.MY
 Win32.Backdoor.Hupigon.mzc
 Win32.Backdoor.Rbot.A
 Win32.Backdoor.Rbot.BRY
 Win32.Backdoor.Tiny.p
 Win32.Dialer.Asian
 Win32.Downloader.Banload.bpn
 Win32.Email.Worm.Zhelatin.ml
 Win32.Generic.Malware.FL.ym
 Win32.Generic.Malware.FLym
 Win32.Generic.Malware.SI.Bdld
 Win32.HLLW.Autoruner.947
 Win32.HLLW.SpyBot.85
 Win32.Trojan.Agent.AGFW
 Win32.Trojan.BHO.NXV
 Win32.Trojan.CB
 Win32.Trojan.Click.1245
 Win32.Trojan.Clicker.Chimoz.ba
 Win32.Trojan.Clicker.VB.om
 Win32.Trojan.Delf.OVG
 Win32.Trojan.Dialer.mv
 Win32.Trojan.Dloader.AAD
 Win32.Trojan.Downloader.Agent.afe
 Win32.Trojan.Downloader.Agent.bdj
 Win32.Trojan.Downloader.Banload.aoi
 Win32.Trojan.Downloader.Banload.avw
 Win32.Trojan.Downloader.Banload.axr
 Win32.Trojan.Downloader.Banload.azo
 Win32.Trojan.Downloader.Banload.bjt
 Win32.Trojan.Downloader.Banload.blo
 Win32.Trojan.Downloader.Banload.bmz
 Win32.Trojan.Downloader.Banload.btc
 Win32.Trojan.Downloader.Dadobra.mk
 Win32.Trojan.Downloader.Mediket.br
 Win32.Trojan.Downloader.Small.chm
 Win32.Trojan.Downloader.VB.aaj
 Win32.Trojan.Downloader.VB.aap
 Win32.Trojan.Downloader.VB.aas
 Win32.Trojan.Downloader.VB.adq
 Win32.Trojan.Downloader.VB.afw
 Win32.Trojan.Downloader.VB.amk
 Win32.Trojan.Downloader.Zlob.bur
 Win32.Trojan.Dropper.Agent.bau
 Win32.Trojan.Dropper.RNJ
 Win32.Trojan.Generic.4270
 Win32.Trojan.Generic.4445
 Win32.Trojan.IRC.Beku
 Win32.Trojan.Keylogger.208
 Win32.Trojan.KeyLogger.VB.O
 Win32.Trojan.Mybot.4953
 Win32.Trojan.Packed.252
 Win32.Trojan.Poebot.8
 Win32.Trojan.Proxy.Dlena.bz
 Win32.Trojan.PSW.Agent.RZM
 Win32.Trojan.PSW.LdPinch.bdr
 Win32.Trojan.PSW.OnLineGames.ldd
 Win32.Trojan.PSW.QQShou.id
 Win32.Trojan.PSW.Steam.m
 Win32.Trojan.Reboot.H
 Win32.Trojan.SpamAgent.GT
 Win32.Trojan.Spy.Banker.5794
 Win32.Trojan.Spy.Banker.6112
 Win32.Trojan.Spy.Banker.6220
 Win32.Trojan.Spy.Delf.nr
 Win32.Trojan.Spy.Delf.qc
 Win32.Trojan.StartPage.HL
 Win32.Trojan.TrojanClicker.Agent.DW
 Win32.Trojan.TrojanDownloader.Banload.NLQ
 Win32.Trojan.VB.475
 Win32.Trojan.Vundo.802
 Win32.Trojan.Vundo.DRQ
 Win32.Trojan.Vundo.DTP
 Win32.Trojan.Vundo.DTS
 Win32.Trojan.Vundo.DTU
 Win32.Trojan.WinlogonHook.Delf.A
 Win32.Trojan.Zlob.CAN
 Win32.Trojan.Zlob.CAO
 Win32.Virtool.1090
 Win32.Worm.Autorun.GE
 Win32.Worm.Tenga.A

Protection Overview
The Update adds 89 new malware signatures, detecting threats posed by malware types such as worms, Trojan horses, hacker's tools, key loggers, browser plug-ins, Adwares, third party cookies, and so forth.

To configure the defense, select your product from the list below and follow the related protection steps.

Additional Information
Zone Labs Spyware Information Center

Connectra NGX R62

How Can I Protect My Network?
Update version for Connectra NGX R62: 692080121

To update your Integrity Clientless Security (ICS) component:

1. On the navigation tree, click Security > SmartDefense Updates.
2. In the Download updated content pane, enter your credentials and check Update Integrity Clientless Security.
3. Click Download Updates.
4. Install security policy. 

How Do I Know if My Network is Under Attack?
Users Of Connectra NGX R62 who have updated their machines will identify logs such as the following (example only, malware name varies by malware detected):

Malware Type: 3rd party cookie
Malware Name: Win32.Worm.Autorun.GE

Connectra NGX R61

How Can I Protect My Network?
Update version for Connectra NGX R61: 692080121

To update your Integrity Clientless Security (ICS) component:

1. On the navigation tree, click Security > SmartDefense Updates.
2. In the Download updated content pane, enter your credentials and check Update Integrity Clientless Security and Integrity Secure Workspace.
3. Click Download Updates.
4. Install security policy. 

How Do I Know if My Network is Under Attack?
Users Of Connectra NGX R61 who have updated their machines will identify logs such as the following (example only, malware name varies by malware detected):

Malware Type: 3rd party cookie
Malware Name: Win32.Worm.Autorun.GE

Connectra NGX R60

How Can I Protect My Network?
Update version for Connectra NGX: 691080121

For instructions on how to update your SmartDefense Service including your Integrity Clientless Security component, please refer to CPSA-2005-11

How Do I Know if My Network is Under Attack?
Users Of Connectra NGX who have updated their Connectra machines will identify logs such as the following (example only, malware name varies by malware detected):

Malware Type: 3rd party cookie
Malware Name: Win32.Worm.Autorun.GE