I have an urgent matter I want to bring to your attention. If you can look into
this and confirm, it would be great.
Yesterday, one of our employees downloaded the Windows version from
Gimpshop.com. Our IT team alerted us to a trojan horse infection. See below:

Trojan Horse Infection

This incident is a real-time notification for a malware infected host detected
on your monitored network. This infection was identified by analyzing your
monitored security device logs for known patterns fitting a profile for Trojan
horse or backdoor activity.

A Trojan horse is a type of malware characterized by its ability to masquerade
as a legitimate application. Many Trojan horses have backdoor communications
capabilities. Backdoors allow remote attackers to gather information from or
otherwise access the infected host.

A malware infected host residing on your protected network poses a risk to your
organization. Many types of malware are multi-functional and have network
propagation, remote control, data theft and various other capabilities.

The host identified as the source IP address appears to be infected with Trojan
LilyJade. The SOC recommends triaging this host for malware infection.

Can you confirm that this website is serving up malicious content? It seems
they are not affiliated with Gimp.org, but are willfully confusing consumers?
If so, can you guys get this site shut down and report to search engines like
Google to block them, their domain registrar, and to major security providers?
It may be a good idea to notify all of the journalists who have written articles
that link to this site as well.
gimp-user-list mailing list