Integrity Clientless Security (ICS) Update 3.7.267.0

Overview
Details
Protection

Check Point Reference:	CPAI-2009-111
Date Published:
Severity:
Source:	SmartDefense Research Center
Protection Provided by:	Connectra NGX R62 NGX R61 NGX
Who is Vulnerable? Microsoft Windows clients
Vulnerability Description Check Point Integrity ™ Clientless Security (ICS) protects your Web site by detecting and disabling spyware processes and allowing you to enforce security policies before a user logs onto your network. Using ICS you can prevent users with potentially harmful software from accessing your Web site, and also require that they conform to your antivirus and critical patch policies. Integrity Clientless Security requires no pre-installed software on endpoint computers, except a supported browser. The scan is performed by an ActiveX component deployed from your Web server to each endpoint computer that requests access. 239 new malware signatures were added to ICS version 3.7.267.0. For a full list of the added malware, refer to the Details tab.

Vulnerability Details
ICS Update 3.7.267.0 includes 239 new malware patterns:

Win32.a
Win32.Adware.Cinmus.anws
Win32.Adware.Fakegoog.A.7
Win32.Adware.IETimbar
Win32.Application.Generic.34441
Win32.Application.Generic.34458
Win32.Application.Generic.34553
Win32.Application.Generic.34739
Win32.Application.Generic.34845
Win32.Application.Generic.35009
Win32.Application.Generic.35074
Win32.Application.Generic.35627
Win32.Application.Generic.35631
Win32.Application.Generic.37889
Win32.Application.Generic.39239
Win32.Application.Generic.39421
Win32.Application.Generic.39429
Win32.Application.Generic.39543
Win32.Application.Generic.39550
Win32.Application.Generic.39938
Win32.Application.Generic.40026
Win32.Application.Generic.40040
Win32.Application.Generic.40043
Win32.Application.Generic.40641
Win32.Application.Generic.41882
Win32.Application.Generic.42300
Win32.Application.Generic.42329
Win32.Application.Generic.42332
Win32.Application.Generic.42352
Win32.Application.Generic.42609
Win32.Backdoor.Bot.89599
Win32.Backdoor.Bot.89600
Win32.Backdoor.Bot.89602
Win32.Backdoor.Bot.89603
Win32.Backdoor.Bot.89604
Win32.Backdoor.Bot.89605
Win32.Backdoor.Bot.90146
Win32.Backdoor.Bot.90190
Win32.Backdoor.Bot.90278
Win32.Backdoor.FlyAgent.kn
Win32.Backdoor.Generic.171923
Win32.Backdoor.Generic.172576
Win32.Backdoor.Generic.173107
Win32.Backdoor.Generic.174194
Win32.Backdoor.Server.Afcore.DLL.1.4044.196
Win32.Backdoor.Server.Neakse.EK
Win32.Backdoor.Sinowal.BZ
Win32.Dialer.Generic.38862
Win32.Downloader.Hupigon.afh.27
Win32.Downloader.Perflogger.163.382
Win32.Rootkit.17746
Win32.Rootkit.Agent.jat
Win32.servises
Win32.Spyware.Tool.Obfuscator.DO.40
Win32.Spyware.VirTool.14898.1
Win32.Trojan.Agent.122880.44
Win32.Trojan.Agent.6144.46
Win32.Trojan.Agent.AMPK
Win32.Trojan.Agent.GZXP
Win32.Trojan.Agent.ufo
Win32.Trojan.Agent2.iex
Win32.Trojan.AntiAV.avh
Win32.Trojan.Banker.Banbra.hqz.2
Win32.Trojan.BHO.nui.20
Win32.Trojan.BHO.nui.4
Win32.Trojan.Cinmus.K.547
Win32.Trojan.Cinmus.O.6
Win32.Trojan.Crypt.Delf.AG.67
Win32.Trojan.Dropper.SXR
Win32.Trojan.Dropper.SYH
Win32.Trojan.DropperAgent.alvb
Win32.Trojan.Fake.uav.63
Win32.Trojan.Generic.1574387
Win32.Trojan.Generic.1574927
Win32.Trojan.Generic.1575173
Win32.Trojan.Generic.1575512
Win32.Trojan.Generic.1576469
Win32.Trojan.Generic.1576628
Win32.Trojan.Generic.1576680
Win32.Trojan.Generic.1576730
Win32.Trojan.Generic.1579923
Win32.Trojan.Generic.1581066
Win32.Trojan.Generic.1581315
Win32.Trojan.Generic.1581462
Win32.Trojan.Generic.1581464
Win32.Trojan.Generic.1582277
Win32.Trojan.Generic.1584797
Win32.Trojan.Generic.1585418
Win32.Trojan.Generic.1585750
Win32.Trojan.Generic.1586104
Win32.Trojan.Generic.1586135
Win32.Trojan.Generic.1586345
Win32.Trojan.Generic.1588380
Win32.Trojan.Generic.1588383
Win32.Trojan.Generic.1590333
Win32.Trojan.Generic.1591004
Win32.Trojan.Generic.1593235
Win32.Trojan.Generic.1608894
Win32.Trojan.Generic.1610648
Win32.Trojan.Generic.1610798
Win32.Trojan.Generic.1610803
Win32.Trojan.Generic.1611378
Win32.Trojan.Generic.1611730
Win32.Trojan.Generic.1612425
Win32.Trojan.Generic.1613043
Win32.Trojan.Generic.1613274
Win32.Trojan.Generic.1613432
Win32.Trojan.Generic.1614597
Win32.Trojan.Generic.1615470
Win32.Trojan.Generic.1616061
Win32.Trojan.Generic.1616659
Win32.Trojan.Generic.1617693
Win32.Trojan.Generic.1618767
Win32.Trojan.Generic.1618875
Win32.Trojan.Generic.1619390
Win32.Trojan.Generic.1619671
Win32.Trojan.Generic.1620097
Win32.Trojan.Generic.1620373
Win32.Trojan.Generic.1620535
Win32.Trojan.Generic.1621276
Win32.Trojan.Generic.1621482
Win32.Trojan.Generic.1621553
Win32.Trojan.Generic.1621639
Win32.Trojan.Generic.1622002
Win32.Trojan.Generic.1622557
Win32.Trojan.Generic.1622915
Win32.Trojan.Generic.1624301
Win32.Trojan.Generic.1624868
Win32.Trojan.Generic.1625950
Win32.Trojan.Generic.1626117
Win32.Trojan.Generic.1626125
Win32.Trojan.Generic.1626256
Win32.Trojan.Generic.1627886
Win32.Trojan.Generic.1628167
Win32.Trojan.Generic.1628186
Win32.Trojan.Generic.1628202
Win32.Trojan.Generic.1628220
Win32.Trojan.Generic.1628897
Win32.Trojan.Generic.1629143
Win32.Trojan.Generic.1629422
Win32.Trojan.Generic.1630022
Win32.Trojan.Generic.1630109
Win32.Trojan.Generic.1630111
Win32.Trojan.Generic.1630114
Win32.Trojan.Generic.1630121
Win32.Trojan.Generic.1630284
Win32.Trojan.Generic.1630335
Win32.Trojan.Generic.1630494
Win32.Trojan.Generic.1630618
Win32.Trojan.Generic.1630669
Win32.Trojan.Generic.1630705
Win32.Trojan.Generic.1630777
Win32.Trojan.Generic.1630864
Win32.Trojan.Generic.1631132
Win32.Trojan.Generic.1631398
Win32.Trojan.Generic.1631674
Win32.Trojan.Generic.1632022
Win32.Trojan.Generic.1632303
Win32.Trojan.Generic.1632924
Win32.Trojan.Generic.1633114
Win32.Trojan.Generic.1635237
Win32.Trojan.Generic.1636939
Win32.Trojan.Generic.1638238
Win32.Trojan.Generic.1638432
Win32.Trojan.Generic.1638864
Win32.Trojan.Generic.1640063
Win32.Trojan.Generic.1640191
Win32.Trojan.Generic.1640412
Win32.Trojan.Generic.1640889
Win32.Trojan.Generic.1641403
Win32.Trojan.Generic.1641511
Win32.Trojan.Generic.1642169
Win32.Trojan.Generic.1643075
Win32.Trojan.Generic.1645109
Win32.Trojan.Generic.1646266
Win32.Trojan.Generic.1647480
Win32.Trojan.Generic.1647495
Win32.Trojan.Generic.1647919
Win32.Trojan.Generic.1647923
Win32.Trojan.Generic.1648019
Win32.Trojan.Generic.1648569
Win32.Trojan.Generic.1648808
Win32.Trojan.Generic.1648812
Win32.Trojan.Generic.1649121
Win32.Trojan.Generic.1649134
Win32.Trojan.Generic.1649138
Win32.Trojan.Heur.Dropper.1024DBDBDB
Win32.Trojan.Heur.GM.0460048426
Win32.Trojan.Jevafus.K.12
Win32.Trojan.Killav.clz.1
Win32.Trojan.Muldrop.1987
Win32.Trojan.PCK.Tdss.F.2622
Win32.Trojan.PCK.Tdss.H.7
Win32.Trojan.PSW.48128
Win32.Trojan.PSW.Agent.DN
Win32.Trojan.PSW.Agent.mvd
Win32.Trojan.PSW.Agent.mve
Win32.Trojan.PSW.Frethog.99840B
Win32.Trojan.PSW.LdPinch.TTI
Win32.Trojan.PSW.OnlineGames.CJ.1
Win32.Trojan.PSW.OnlineGames.KBWX
Win32.Trojan.PSW.OnlineGames.KBYT
Win32.Trojan.PSW.OnlineGames.uwtr
Win32.Trojan.PSW.Wow.hqu
Win32.Trojan.Spy.Agent.amns
Win32.Trojan.Spy.Agent.ancy
Win32.Trojan.Spy.Bancos.3580928C
Win32.Trojan.Spy.Banker.49152
Win32.Trojan.Spy.BHO.BL.1
Win32.Trojan.Spy.Cingo.L
Win32.Trojan.Spy.XZO
Win32.Trojan.Spy.ZBot.qkb
Win32.Trojan.Spy.ZBot.rku
Win32.Trojan.Spy.ZBot.ska
Win32.Trojan.Stuh.flz
Win32.Trojan.Stuh.fxp
Win32.Trojan.VB.oag
Win32.Trojan.Vundo.108032AJ
Win32.Trojan.Vundo.60928AK
Win32.Trojan.Zlob.54706
Win32.Virtool.28141
Win32.Worm.Autorun.blq
Win32.Worm.Autorun.flx
Win32.Worm.Generic.49753
Win32.Worm.Generic.49781
Win32.Worm.Generic.49785
Win32.Worm.Generic.49854
Win32.Worm.Generic.50101
Win32.Worm.Generic.50160
Win32.Worm.Generic.50175
Win32.Worm.Generic.50423
Win32.Worm.Generic.50504
Win32.Worm.Generic.50534
Win32.Worm.Generic.50536
Win32.Worm.Generic.50555
Win32.Worm.Generic.50896
Win32.Worm.Generic.50917
Win32.Worm.Generic.50949
Win32.Worm.Generic.51284

Protection Overview
The Update adds 239 new malware signatures, detecting threats posed by malware types such as worms, Trojan horses, hacker's tools, key loggers, browser plug-ins, Adwares, third party cookies, and so forth.

To configure the defense, select your product from the list below and follow the related protection steps.

Additional Information
Zone Labs Spyware Information Center

Connectra NGX R62

How Can I Protect My Network?
Update version for Connectra NGX R62: 692090608

To update your Integrity Clientless Security (ICS) component:

1. On the navigation tree, click Security > SmartDefense Updates.
2. In the Download updated content pane, enter your credentials and check Update Integrity Clientless Security.
3. Click Download Updates.
4. Install security policy.

How Do I Know if My Network is Under Attack?
Users Of Connectra NGX R62 who have updated their machines will identify logs such as the following (example only, malware name varies by malware detected):

Malware Type: 3rd party cookie
Malware Name: Win32.Trojan.PSW.OnlineGames.CJ.1

Connectra NGX R61

How Can I Protect My Network?
Update version for Connectra NGX R61: 692090608

To update your Integrity Clientless Security (ICS) component:

1. On the navigation tree, click Security > SmartDefense Updates.
2. In the Download updated content pane, enter your credentials and check Update Integrity Clientless Security and Integrity Secure Workspace.
3. Click Download Updates.
4. Install security policy.

How Do I Know if My Network is Under Attack?
Users Of Connectra NGX R61 who have updated their machines will identify logs such as the following (example only, malware name varies by malware detected):

Malware Type: 3rd party cookie
Malware Name: Win32.Trojan.PSW.OnlineGames.CJ.1

Connectra NGX R60

How Can I Protect My Network?
Update version for Connectra NGX: 691090608

For instructions on how to update your SmartDefense Service including your Integrity Clientless Security component, please refer to CPSA-2005-11

How Do I Know if My Network is Under Attack?
Users Of Connectra NGX who have updated their Connectra machines will identify logs such as the following (example only, malware name varies by malware detected):

Malware Type: 3rd party cookie
Malware Name: Win32.Trojan.PSW.OnlineGames.CJ.1

Legal Notice for SmartDefense Advisories