Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Integrity Clientless Security (ICS) Update 3.7.211.0

Subscribe

Check Point Reference: CPAI-2008-034
Date Published:
Severity:
Source: SmartDefense Research Center
Protection Provided by: Connectra
  • NGX R62
  • NGX R61
  • NGX
Who is Vulnerable?
Microsoft Windows clients
Vulnerability Description
Check Point Integrity ™ Clientless Security (ICS) protects your Web site by detecting and disabling spyware processes and allowing you to enforce security policies before a user logs onto your network. Using ICS you can prevent users with potentially harmful software from accessing your Web site, and also require that they conform to your antivirus and critical patch policies.

Integrity Clientless Security requires no pre-installed software on endpoint computers, except a supported browser. The scan is performed by an ActiveX component deployed from your Web server to each endpoint computer that requests access.

140 new malware signatures were added to ICS version 3.7.211.0. For a full list of the added malware, refer to the Details tab.
Vulnerability Details
ICS Update 3.7.211.0 includes 140 new malware patterns:

 Win32.Adware.AdAgent.k
 Win32.Adware.Agent.du
 Win32.Adware.Fakealert.53
 Win32.Adware.Gdown
 Win32.Adware.Generic.6279
 Win32.Adware.PeerNet
 Win32.AdWare.ToolBar.EliteBar.am
 Win32.agetltfets
 Win32.aGQABNWGI
 Win32.Application.Aseye.PN
 Win32.Application.Generic.1317
 Win32.Application.Spyware.Snoopst.C
 Win32.Backdoor.Aimbot.eh          
 Win32.Backdoor.Beizhu.277
 Win32.Backdoor.Bifrose.aeh
 Win32.Backdoor.Bifrose.cag
 Win32.Backdoor.Bifrose.ZTH
 Win32.Backdoor.Bifrost.515
 Win32.Backdoor.Ceckno.nc
 Win32.Backdoor.Farfli.K
 Win32.Backdoor.Generic.25581
 Win32.Backdoor.Graybird.CEA
 Win32.Backdoor.HackDef
 Win32.Backdoor.Hupigon.uiy
 Win32.Backdoor.Hupigon.ZKN
 Win32.Backdoor.IRC.ZFF
 Win32.Backdoor.IRCBot.ABJM
 Win32.Backdoor.Pigeon.BPY
 Win32.Backdoor.ProRat.TF
 Win32.Backdoor.Protux.g
 Win32.Backdoor.SdBot.cge
 Win32.Backdoor.SDBot.DFFF
 Win32.Backdoor.Shark.aa
 Win32.Backdoor.Shark.AN
 Win32.Backdoor.Shark.AO
 Win32.Backdoor.Shark.mq
 Win32.Backdoor.Sinowal.e
 Win32.Backdoor.VB.Shark
 Win32.BackDoor.Winsta
 Win32.Delf.CSN
 Win32.dljlu
 Win32.Downloader.Small.eoi
 Win32.Dropper.Agent.dxz
 Win32.Dropper.Delf.agt
 Win32.Email.Worm.Monikey.a
 Win32.Email.Worm.Monikey.b
 Win32.Email.Worm.VB.ee
 Win32.Exploit.CodeBase
 Win32.Generic.Malware.G.IFMYdg
 Win32.Generic.Malware.G.SI.FWX.Bg
 Win32.Generic.Malware.MPVPkWk
 Win32.Generic.Malware.P.dldPk
 Win32.Generic.Malware.P.Pk
 Win32.Generic.Malware.SFYBdld
 Win32.Generic.Malware.SI.Bg
 Win32.Generic.Malware.SI.FY
 Win32.Generic.Malware.SIFY
 Win32.Generic.Malware.Sp2p
 Win32.lsass.exe
 Win32.Monitor.JazoKeylogger.3110
 Win32.Spy.Banker.OOU
 Win32.Spy.Delf.NFB
 Win32.Spyware.Lmirhack.A
 Win32.Trojan.Agent.4380
 Win32.Trojan.Agent.6716
 Win32.Trojan.Agent.AGOE
 Win32.Trojan.Agent.AGPG
 Win32.Trojan.Agent.AGSR
 Win32.Trojan.Agent.AGTA
 Win32.Trojan.Agent.BCS
 Win32.Trojan.Banker.Delf.YCF
 Win32.Trojan.Click.16977
 Win32.Trojan.Click.16978
 Win32.Trojan.Clicker.Delf.es
 Win32.Trojan.Delf.ako
 Win32.Trojan.Delf.arq
 Win32.Trojan.Delf.Inject.A
 Win32.Trojan.Delf.st
 Win32.Trojan.Downloader.437
 Win32.Trojan.Downloader.Small.crk
 Win32.Trojan.Dropper.Delf.amq
 Win32.Trojan.Dropper.VB.ws
 Win32.Trojan.EliteBar.4
 Win32.Trojan.Hitpop.J
 Win32.Trojan.Horse.AZM
 Win32.Trojan.Horse2.FXS
 Win32.Trojan.IRC.Cloner.AU
 Win32.Trojan.Keylogger.10.exe
 Win32.Trojan.Lineage.LT
 Win32.Trojan.MulDrop.4102
 Win32.Trojan.MulDrop.4656
 Win32.Trojan.MulDrop.9108
 Win32.Trojan.NtRootKit.117
 Win32.Trojan.OnLineGames.nia
 Win32.Trojan.Packed.114
 Win32.Trojan.Packed.155
 Win32.Trojan.Packed.181
 Win32.Trojan.Peed.IVM
 Win32.Trojan.Proxy.Saturn.af
 Win32.Trojan.Proxy.Wopla.AT
 Win32.Trojan.Proxy.Wopla.ax
 Win32.Trojan.Proxy.Xorpix.cu
 Win32.Trojan.Proxy.Xorpix.cv
 Win32.Trojan.PSW.Gang
 Win32.Trojan.PSW.LdPinch.flj
 Win32.Trojan.PSW.LDPinch.THK
 Win32.Trojan.PSW.LDPinch.TID
 Win32.Trojan.PSW.OnLineGames.lzq
 Win32.Trojan.PSW.OnLineGames.oeh
 Win32.Trojan.PSW.OnLineGames.sp
 Win32.Trojan.PSW.Tibia
 Win32.Trojan.PSW.VB.NBB
 Win32.Trojan.PSW.WOW.ajn
 Win32.Trojan.PSW.Wsgame.3218
 Win32.Trojan.PSW.Wsgame.3220
 Win32.Trojan.PSW.Wsgame.3233
 Win32.Trojan.PSW.Wsgame.3239
 Win32.Trojan.PSW.Wsgame.3240
 Win32.Trojan.Rootkit.Agent.NED
 Win32.Trojan.Sentinel
 Win32.Trojan.Small.edz
 Win32.Trojan.Spy.Agent.bar
 Win32.Trojan.Spy.Agent.bbg
 Win32.Trojan.Spy.Agent.NNO
 Win32.Trojan.Spy.Banker.1518
 Win32.Trojan.Spy.Banker.5800
 Win32.Trojan.Spy.Banker.AAIN
 Win32.Trojan.Spy.Banker.gez
 Win32.Trojan.Spy.BZub.NHN
 Win32.Trojan.Spy.Goldun.iw
 Win32.Trojan.Srizbi.AS
 Win32.Trojan.TrojanDownloader.Small.DIB
 Win32.Trojan.TrojanDropper.Juntador.C
 Win32.Trojan.Zlob.CBN
 Win32.Warezov.ACR0mm
 Win32.Worm.Nuwar.A.DAN
 Win32.Worm.Padobot.i
 Win32.Worm.Repar.a
 Win32.Worm.VB.cd
 Win32.wsonnvyA

Protection Overview
The Update adds 140 new malware signatures, detecting threats posed by malware types such as worms, Trojan horses, hacker's tools, key loggers, browser plug-ins, Adwares, third party cookies, and so forth.

To configure the defense, select your product from the list below and follow the related protection steps.

Additional Information
Zone Labs Spyware Information Center

Connectra NGX R62

How Can I Protect My Network?
Update version for Connectra NGX R62: 692080227

To update your Integrity Clientless Security (ICS) component:

1. On the navigation tree, click Security > SmartDefense Updates.
2. In the Download updated content pane, enter your credentials and check Update Integrity Clientless Security.
3. Click Download Updates.
4. Install security policy. 

How Do I Know if My Network is Under Attack?
Users Of Connectra NGX R62 who have updated their machines will identify logs such as the following (example only, malware name varies by malware detected):

Malware Type: 3rd party cookie
Malware Name: Win32.Trojan.Agent.6716

Connectra NGX R61

How Can I Protect My Network?
Update version for Connectra NGX R61: 692080227

To update your Integrity Clientless Security (ICS) component:

1. On the navigation tree, click Security > SmartDefense Updates.
2. In the Download updated content pane, enter your credentials and check Update Integrity Clientless Security and Integrity Secure Workspace.
3. Click Download Updates.
4. Install security policy. 

How Do I Know if My Network is Under Attack?
Users Of Connectra NGX R61 who have updated their machines will identify logs such as the following (example only, malware name varies by malware detected):

Malware Type: 3rd party cookie
Malware Name: Win32.Trojan.Agent.6716

Connectra NGX R60

How Can I Protect My Network?
Update version for Connectra NGX: 691080227

For instructions on how to update your SmartDefense Service including your Integrity Clientless Security component, please refer to CPSA-2005-11

How Do I Know if My Network is Under Attack?
Users Of Connectra NGX who have updated their Connectra machines will identify logs such as the following (example only, malware name varies by malware detected):

Malware Type: 3rd party cookie
Malware Name: Win32.Trojan.Agent.6716