Check Point Advisories

Security Best Practice: Familiarize Yourself with the General HTTP Worm Catcher

Check Point Reference: SBP-2008-03
Date Published: 2 Mar 2008
Severity: High
Last Updated: Tuesday 01 January, 2008
Source: SmartDefense Research Center
Protection Provided by:
Who is Vulnerable? HTTP Servers & Clients
Vulnerability Description A worm is a self-replicating malware, which propagates by actively sending itself to new machines. There are worms that propagate by using security vulnerabilities in HTTP servers or clients. Some worms are able to open back doors, launch Trojans, stop security applications and destroy computer systems.
Web Intelligence can provide protection against many HTTP threats, including preventing attacks that run malicious code on web servers or clients. SmartDefense allows Administrators to configure worm signatures that will be detected and blocked by Gateways. The SmartDefense subscription service regularly updates signature patterns for common worms. In addition, an Administrator can define custom worm patterns.
Vulnerability DetailsThe Web Intelligence’s General HTTP Worm Catcher can:

 

  • Detect worm encoding variants.
  • Detect cross-protocol worms which propagate through different methods, including file sharing over HTTP.
  • Be updated for new worm patterns and classes, manually or automatically (through the SmartDefense subscription service).

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK