
Integrity Clientless Security (ICS) Update 3.7.256.0


Check Point Reference: CPAI-2009-048
Date Published:
Severity:
Source: SmartDefense Research Center
Protection Provided by: Connectra
  • NGX R62
  • NGX R61
  • NGX
Who is Vulnerable?
Microsoft Windows clients
Vulnerability Description
Check Point Integrity™ Clientless Security (ICS) protects your Web site by detecting and disabling spyware processes and allowing you to enforce security policies before a user logs onto your network. Using ICS, you can prevent users with potentially harmful software from accessing your Web site, and also require that they conform to your antivirus and critical patch policies.

Integrity Clientless Security requires no pre-installed software on endpoint computers, except a supported browser. The scan is performed by an ActiveX component deployed from your Web server to each endpoint computer that requests access. 

242 new malware signatures were added to ICS version 3.7.256.0. For a full list of the added malware, refer to the Details tab.
Vulnerability Details
ICS Update 3.7.256.0 includes 242 new malware patterns.

Protection Overview
The update adds 242 new malware signatures, detecting threats posed by malware types such as worms, Trojan horses, hacker's tools, key loggers, browser plug-ins, adware, third-party cookies, and so forth.

To configure the defense, select your product from the list below and follow the related protection steps.

Additional Information
Zone Labs Spyware Information Center

Connectra NGX R62

How Can I Protect My Network?
Update version for Connectra NGX R62: 692090316

To update your Integrity Clientless Security (ICS) component:

1. On the navigation tree, click Security > SmartDefense Updates.
2. In the Download updated content pane, enter your credentials and check Update Integrity Clientless Security.
3. Click Download Updates.
4. Install security policy. 

How Do I Know if My Network is Under Attack?
Users of Connectra NGX R62 who have updated their machines will see log entries such as the following (example only; the malware name varies with the malware detected):

Malware Type: 3rd party cookie
Malware Name: Win32.Backdoor.Server.Hupigon.fdjg

Connectra NGX R61

How Can I Protect My Network?
Update version for Connectra NGX R61: 692090316

To update your Integrity Clientless Security (ICS) component:

1. On the navigation tree, click Security > SmartDefense Updates.
2. In the Download updated content pane, enter your credentials and check Update Integrity Clientless Security and Integrity Secure Workspace.
3. Click Download Updates.
4. Install security policy. 

How Do I Know if My Network is Under Attack?
Users of Connectra NGX R61 who have updated their machines will see log entries such as the following (example only; the malware name varies with the malware detected):

Malware Type: 3rd party cookie
Malware Name: Win32.Backdoor.Server.Hupigon.fdjg

Connectra NGX R60

How Can I Protect My Network?
Update version for Connectra NGX: 691090316

For instructions on how to update your SmartDefense Service, including your Integrity Clientless Security component, please refer to CPSA-2005-11.

How Do I Know if My Network is Under Attack?
Users of Connectra NGX who have updated their Connectra machines will see log entries such as the following (example only; the malware name varies with the malware detected):

Malware Type: 3rd party cookie
Malware Name: Win32.Backdoor.Server.Hupigon.fdjg