Check Point Advisories

Update Protections against Recent Malware Threats (2-Feb-09)

Check Point Reference: CPAI-2009-006
Date Published: 2 Feb 2009
Severity: High
Last Updated: Thursday 01 January, 2009
Source: CramToolbar
Malware: TD.EXE
Trojan: Win32.Agent.vvm
Spyware: Antivirus 2009
Virus: Win32.Sality.aa
Trojan Downloader: Win32.Banload.aajq
Trojan Downloader: Exchan.Gen Variant
Protection Provided by:
Who is Vulnerable? Microsoft Windows clients
Vulnerability Description

Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a general name for a variety of hostile, intrusive, or annoying programs, such as viruses, worms, adware, Trojans, and spyware, that exploit unprotected clients, using network access to intrude upon organizations and destroy or steal data.

Spyware is computer software that is installed without the user's informed consent on a personal computer to intercept or take partial control over the user's interaction with the computer. Spyware programs can collect various types of personal information, install additional software, redirect Web browser activity, or divert advertising revenue to a third party.

Adware is an advertising-supported software package which automatically plays, displays, or downloads advertising material to a computer after the software is installed on it or while the application is being used.

A Trojan horse is a program that installs malicious software under the guise of doing something else. Trojans are known for installing backdoor programs that allow unauthorized remote access to the victim's machine by parties with malicious intentions.

Vulnerability Details

The update includes new protections against 7 recent malware threats:

CramToolbar - CramToolbar is a browser hijacker application. It alters the Internet Explorer settings unexpectedly, and hijacks the Internet Explorer start page, home page and auto searches to a porn-related website.

Malware: TD.EXE - TD.EXE is malware that downloads and executes malicious code without the user's consent. It generates pop-ups on the user's desktop every few minutes.

Trojan: Win32.Agent.vvm - Trojan Win32.Agent.vvm downloads malicious code to a user's computer without the user's consent. It alters the Internet Explorer settings unexpectedly, monitors the user's web activities and hijacks the user's searches.

Spyware: Antivirus 2009 - Antivirus 2009 is a rogue anti-spyware program that floods users with pop-ups and fake system notifications. It hijacks the browser by inserting its own advertisements on the infected system. It may block homepage access, claim that Antivirus 2009 is a legitimate security tool, and redirect users to the purchasing page to order a licensed version. If ignored, it displays more severe warnings, such as a blue screen of death and a Windows log off page, to scare users into buying the product.

Virus: Win32.Sality.aa - Virus.Win32.Sality.aa is a virus that spreads by infecting and modifying other files. This malware also connects to remote hosts to download further malicious files. It prevents Task Manager and the Windows Registry Editor from starting by modifying registry key values.

Trojan Downloader: Win32.Banload.aajq - Trojan-Downloader.Win32.Banload.aajq downloads unwanted files from remote servers onto the victim's machine via other malware downloaders or software exploits. This malware also makes changes to registry keys and Internet settings.

Trojan Downloader: Exchan.Gen Variant - Trojan Downloader Exchan.Gen Variant is a ba

Protection Overview
