Update Protection against Recent Malware Threats (5-Jul-09)
| Check Point Reference: | CPAI-2009-117 | |
| Date Published: | ||
| Severity: | ||
| Source: | Trickler: Trojan.Swizzor-D Trickler: Trojan-PSW.Win32.QQPass.gam Rogue-Software: Total Protect 2009 Rogue-Software: Pro Antispyware 2009 Keylogger: W32.Smalltroj.MHYR Trickler: Trojan.Crypt.CY Rogue-Software: Win PC Defender Hijacker: Cinmus Variant Rogue-Software: MS Antispyware 2009 Rogue-Software: XP Police Antivirus Adware: Win32.Frosty |
|
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Microsoft Windows clients | ||
| Vulnerability Description The update includes new protections against 11 recent malware threats: Trickler: Trojan.Swizzor-D - Trojan.Swizzor-D is a downloader Trojan that downloads malicious files form remote hosts onto the infected machines. It also communicates with remote servers and transfers unwanted advertisement related content. Trickler: Trojan-PSW.Win32.QQPass.gam - Trojan-PSW.Win32.QQPass.gam installs malicious code and files into the infected system. The Trojan attempts to steal user's QQ information by modifying system hosts file and redirecting QQ websites access to its controlling website. Rogue-Software: Total Protect 2009 - Total Protect 2009 is a rogue security software that performs fake scans on the system and attempts to scare and trick the users to purchase the software via reporting fake virus and spyware detections and displaying false warnings and alerts. Rogue-Software: Pro Antispyware 2009 - Pro Antispyware 2009 is a rogue security software that performs fake scans on the system and reports false vulnerability and spyware infections. By doing this the software attempts to trick the users into purchasing the license of the software to get full protection. Keylogger: W32.Smalltroj.MHYR - W32.Smalltroj.MHYR is a keylogger that records pressed keys of the infected system in stealth mode. It sends the keystrokes to a predefined server at predefined intervals. Trickler: Trojan.Crypt.CY - Trojan.Crypt.CY is a downloader Trojan that downloads and installs malicious files and unwanted content from remote servers onto the victims machine without their consent. Rogue-Software: Win PC Defender - Win PC Defender is a rogue security software that performs fake scans on the system and attempts to scare and trick the users to purchase the software via reporting fake virus and spyware detections and displaying false warnings and alerts. Rogue-Software: MS Antispyware 2009 - MS Antispyware 2009 is a rogue security software that performs fake scans on the system and reports false and mostly high severity infections on the system. By doing this the software attempts to trick the users into purchasing the license of the software to get full protection. Hijacker: Cinmus Variant - The Cinmus Variant is a browser hijacker application which installs itself as a Browser Helper Object (BHO) on a user's system. It alters the Internet Explorer settings unexpectedly, monitors the user's web activity and hijackes user searches to remote servers. Adware: Win32.Frosty - Adware.Win32.Frosty Goes Skiing Screen Saver 2.2 is an Adware application that along with a screen saver installs other malware on the user's host and also redirects user's searches in Internet Explorer. |
||
|
Vulnerability Details Malware is a software designed to infiltrate or damage a computer system without the owner's informed consent. It is a general name for a variety of forms of hostile, intrusive, or annoying programs like Viruses, worms, Adware, Trojans, and spyware that exploit unprotected clients, using network access to intrude upon organizations, destroying or stealing data. Spyware is computer software that is installed without the user's informed consent on a personal computer to intercept or take partial control over the user's interaction with the computer. Spyware programs can collect various types of personal information, install additional software, redirect Web browser activity, or divert advertising revenue to a third party. Adware is an advertising-supported software package which automatically plays, displays, or downloads advertising material to a computer after the software is installed on it or while the application is being used. A Trojan horse is a program that installs malicious software while under the guise of doing something else. Trojans are known for installing backdoor programs which allow unauthorized non permissible remote access to the victim's machine by unwanted parties with malicious intentions. |
Protection Overview
The update enables the Header Rejection protection to detect and block the malware based on pre-defined header names.
In order for the protection to be activated, update your Security Gateway/VPN-1/InterSpect product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.