On Thu, 2012-07-12 at 10:10 -0700, Vu Le wrote:
> Hi all,
> I have an urgent matter I want to bring to your attention. If you can look
> into this and confirm, it would be great.

Thanks for making the list aware of this, but the GIMP developers have
nothing to do with gimpshop, it's a separate project that doesn't
communicate with upstream.

> Yesterday, one of our employees downloaded the Windows version from
> Gimpshop.com. Our IT team alerted us to a trojan horse infection. See below:
> Trojan Horse Infection
> This incident is a real-time notification for a malware infected host
> detected on your monitored network. This infection was identified by
> analyzing your monitored security device logs for known patterns fitting a
> profile for Trojan horse or backdoor activity.
> A Trojan horse is a type of malware characterized by its ability to
> masquerade as a legitimate application. Many Trojan horses have backdoor
> communications capabilities. Backdoors allow remote attackers to gather
> information from or otherwise access the infected host.
> A malware infected host residing on your protected network poses a risk to
> your organization. Many types of malware are multi-functional and have
> network propagation, remote control, data theft and various other
> Analyst assessment:
> The host identified as the source IP address appears to be infected with
> Trojan LilyJade. The SOC recommends triaging this host for malware infection.
> Can you confirm that this website is serving up malicious content? It seems
> they are not affiliated with Gimp.org, but are willfully confusing consumers?
> If so, can you guys get this site shut down and report to search engines like
> Google to block them, their domain registrar, and to major security
> providers? It may be a good idea to notify all of the journalists who have
> written articles that link to this site as well.
gimp-user-list mailing list