Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Protection against Torpig trojan

Subscribe

Check Point Reference: CPAI-2011-317
Date Published:
Severity:
Source: Check Point IPS Research Team
Protection Provided by: Security Gateway
  • R75
Who is Vulnerable?
Microsoft Windows
Vulnerability Description
Torpig is a type of botnet spread by a variety of trojan horses which can affect computers that use Microsoft Windows. Torpig circumvents anti-virus applications through the use of rootkit technology and scans the infected system for credentials, accounts and passwords as well as potentially allowing attackers full access to the computer. It is also purportedly capable of modifying data on the computer.
Vulnerability Details
Torpig is a type of botnet spread by a variety of trojan horses which can affect computers that use Microsoft Windows. Torpig circumvents anti-virus applications through the use of rootkit technology and scans the infected system for credentials, accounts and passwords as well as potentially allowing attackers full access to the computer. It is also purportedly capable of modifying data on the computer.

Protection Overview
This protection will detect and block post-infection traffic of Torpig.

To configure the defense, select your product from the list below and follow the related protection steps.

Security Gateway R75 / R71 / R70

How Can I Protect My Network?
1. In the IPS tab, click Protections and find the Trojan: Torpig protection using the Search tool and Edit the protection's settings.
2. Install policy on all modules.

How Do I Know if My Network is Under Attack?
How Do I Know if My Network is Under Attack? SmartView Tracker will log the following entries:
Attack Name: Malware Traffic
Attack Information: Torpig Trojan CnC traffic