Update Protections against Recent Malware Threats (19-Jan-09)
| Check Point Reference: | CPAI-2009-005 | |
| Date Published: | ||
| Severity: | ||
| Source: | Adware: BHO.gen Adware: Win32.Mostofate Adware: Win32 Agent BM Spyware: WinSpywareProtect |
|
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Microsoft Windows clients | ||
| Vulnerability Description Malware is a software designed to infiltrate or damage a computer system without the owner's informed consent. It is a general name for a variety of forms of hostile, intrusive, or annoying programs like Viruses, worms, Adware, Trojans, and spyware that exploit unprotected clients, using network access to intrude upon organizations, destroying or stealing data. Spyware is computer software that is installed without the user's informed consent on a personal computer to intercept or take partial control over the user's interaction with the computer. Spyware programs can collect various types of personal information, install additional software, redirect Web browser activity, or divert advertising revenue to a third party. Adware is an advertising-supported software package which automatically plays, displays, or downloads advertising material to a computer after the software is installed on it or while the application is being used. A Trojan horse is a program that installs malicious software while under the guise of doing something else. Trojans are known for installing backdoor programs which allow unauthorized non permissible remote access to the victim's machine by unwanted parties with malicious intentions. |
||
|
Vulnerability Details The update includes new protections against 4 recent malware threats: Adware: BHO.gen - Adware BHO.gen is a browser hijacker that displays critical alert windows. It also displays random pop-up windows warning users they are infected. Adware: Win32.Mostofate - Adware Mostofate is an adware toolbar that hijacks the user's browser and redirect the searches and results to its own server. It may also randomly generate pop-up advertisements. Adware: Win32 Agent BM - Adware.Win32.Agent.BM is a generic type of Trojan. It causes damage to the machine by infesting themselves with many executables. It adds programs and makes system registry changes as well as contact many spyware and adware related network servers. Spyware: WinSpywareProtect - WinSpywareProtect is a rogue anti-spyware application that downloads other malicious code and display misleading and exaggerated reports of threats for the computer. It displays warning messages in the forms of pop-up screens alerting users that their system is infected and attempts to trick users into buying the application. |
Protection Overview
The update enables the Header Rejection protection and the HTTP Worm Catcher to detect and block the malware based on pre-defined header names and worm signatures.
In order for the protection to be activated, update your VPN-1/InterSpect product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.