Update Protections against Recent Malware Threats (30-Mar-09)
| Check Point Reference: | CPAI-2009-054 | |
| Date Published: | ||
| Severity: | ||
| Source: | Backdoor Trojan: Zlob Rogue Software: XP Antispyware 2009 |
|
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Microsoft Windows clients | ||
| Vulnerability Description The update includes new protections against 2 recent malware threats: Backdoor Trojan: Zlob - Zlob is backdoor Trojan that can be installed via malware downloader or exploits. It installs other applications that continuously connect to remote servers and downloads malicious scripts and advertisements content. It also makes changes to the registry keys to control the Internet Explorer, and displays pop-up ads on the victim’s host. Rogue Software: XP Antispyware 2009 - XP Antispyware 2009 is a rogue anti-spyware program that displays enormous amounts of pop-ups, even when the user is not online, and displays fake system notifications, tricking the user into downloading more spyware. It slows down the computer performance and the Internet connection. It may change the Internet settings to redirect the homepage to another site. |
||
|
Vulnerability Details Malware is a software designed to infiltrate or damage a computer system without the owner's informed consent. It is a general name for a variety of forms of hostile, intrusive, or annoying programs like Viruses, worms, Adware, Trojans, and spyware that exploit unprotected clients, using network access to intrude upon organizations, destroying or stealing data. Spyware is computer software that is installed without the user's informed consent on a personal computer to intercept or take partial control over the user's interaction with the computer. Spyware programs can collect various types of personal information, install additional software, redirect Web browser activity, or divert advertising revenue to a third party. Adware is an advertising-supported software package which automatically plays, displays, or downloads advertising material to a computer after the software is installed on it or while the application is being used. A Trojan horse is a program that installs malicious software while under the guise of doing something else. Trojans are known for installing backdoor programs which allow unauthorized non permissible remote access to the victim's machine by unwanted parties with malicious intentions. |
Protection Overview
The update enables the Header Rejection protection to detect and block the malware based on pre-defined header names.
In order for the protection to be activated, update your Security Gateway/VPN-1/InterSpect product to the latest IPS/SmartDefense update. For information on how to update IPS/SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.