Update Protections against Recent Malware Threats (19-Feb-09)
| Check Point Reference: | CPAI-2009-020 | |
| Date Published: | ||
| Severity: | ||
| Source: | Win32.Cekar Variant Malware: WeatherStudio Malware: Antivirus XP 2008 Toolbar: Starware Videos Trojan: Win32.Agent.aah Trojan Downloader: Gen Trojan Downloader: Agent.vhb |
|
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Microsoft Windows clients | ||
| Vulnerability Description Malware is a software designed to infiltrate or damage a computer system without the owner's informed consent. It is a general name for a variety of forms of hostile, intrusive, or annoying programs like Viruses, worms, Adware, Trojans, and spyware that exploit unprotected clients, using network access to intrude upon organizations, destroying or stealing data. Spyware is computer software that is installed without the user's informed consent on a personal computer to intercept or take partial control over the user's interaction with the computer. Spyware programs can collect various types of personal information, install additional software, redirect Web browser activity, or divert advertising revenue to a third party. Adware is an advertising-supported software package which automatically plays, displays, or downloads advertising material to a computer after the software is installed on it or while the application is being used. A Trojan horse is a program that installs malicious software while under the guise of doing something else. Trojans are known for installing backdoor programs which allow unauthorized non permissible remote access to the victim's machine by unwanted parties with malicious intentions. |
||
|
Vulnerability Details The update includes new protections against 7 recent malware threats: Win32.Cekar Variant - Win32.Cekar Variant is a worm that contacts its controlling server to download malicious code. An infected host may download additional Trojans, and upload sensitive information like usernames and passwords. The worm slows down the network, the infected computer and re-directs the browser. Malware: WeatherStudio - WeatherStudio is a browser hijacker application that hijacks the Internet Explorer start page, auto search, and search assistance to its controlling server. It also hijacks user searches on popular search engines. Malware: Antivirus XP 2008 - Antivirus XP 2008 (Winifixer) is a rogue, malicious backdoor Trojan that attempts to scare users into paying for useless anti-spyware protection by leading them to believe that their PCs are infected with malware applications. Once downloaded and installed it starts a fake scan on the victim's system and reports false system security threats on the computer. Toolbar: Starware Videos - Starware Videos Toolbar is a malware application which alters the browsers search settings and re-directs address bar keyword searches to search.cometsystems.com. Installs a browser search toolbar and when performing a google.com search, will create a new window of search results from cometsystems.com. Trojan: Win32.Agent.aah - Trojan Win32.Agent.aah downloads malicious programs to a user's computer without the user's consent. It makes changes to the Windows system and the Internet Explorer settings, and generates popup advertisements when the user is surfing the Internet. Trojan Downloader: Gen - Downloader Trojan Gen downloads and installs multiple unwanted applications of adware and malware from remote servers. It monitors the user's web activities and keeps prompting users with fake security center alerts. It will automatically launch rogue anti-virus scan pages and many popup windows asking users to download various rogue anti-spyware. Trojan Downloader: Agent.vhb - Trojan Downloader.Agent.vhb is a Chinese related Trojan downloader application. It connects to remote servers to download and execute many malicious programs and Trojans without the user's consent. It tries to open a login page and sends updates to malicious sites. |
Protection Overview
The update enables the Header Rejection protection to detect and block the malware based on pre-defined header names.
In order for the protection to be activated, update your VPN-1 product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.