Re: [Gimp-user] gimpx? possible malicious software using Gimp name

2013-05-26 Thread Steve Kinney
On 05/26/2013 06:56 PM, Øyvind Kolås wrote:
> On Mon, May 27, 2013 at 12:17 AM, Steve Kinney wrote:

[ ... ]

> The reason for the question was that "show other downloads" is
> supposed to be for other platforms than the one you are browsing with ;)

Well that makes sense - very clever, and not at all hard to justify!

:o)

Steve






___
gimp-user-list mailing list
gimp-user-list@gnome.org
https://mail.gnome.org/mailman/listinfo/gimp-user-list


Re: [Gimp-user] gimpx? possible malicious software using Gimp name

2013-05-26 Thread Øyvind Kolås
On Mon, May 27, 2013 at 12:17 AM, Steve Kinney wrote:

> On 05/26/2013 03:43 PM, Michael Schumacher wrote:
> > On 26.05.2013 21:07, Steve Kinney wrote:
> >
> >> At present, the link to the Windows port on the Downloads page at
> >> gimp.org is hidden behind a "show other downloads" link buried in
> >> the middle of the page.
> >
> > You're not using a Windows platform, are you?
>
> Nope, left that nonsense behind ages ago.  At the moment my main
> workstation is running Mint 14 w/Cinnamon, see:
>

The reason for the question was that "show other downloads" is supposed to
be for other platforms than the one you are browsing with ;)

/Ø


Re: [Gimp-user] gimpx? possible malicious software using Gimp name

2013-05-26 Thread Steve Kinney
On 05/26/2013 04:35 PM, Jernej Simončič wrote:
> On Sun, 26 May 2013 15:07:06 -0400, Steve Kinney wrote:
> 
>> The owner of the domain name "gimpx.org" is hiding behind a
>> pseudo-anonymous registrar.  That in itself is enough to rule out
>> installing anything offered on the site.
> 
> My own domains all have privacy protection enabled - and one of them is the
> first place where I offer the installers, often days before I upload them
> to SourceForge.

A matter of preference... but I bet the people who download code
from your sites know exactly who they are dealing with!

:o)

Steve





Re: [Gimp-user] gimpx? possible malicious software using Gimp name

2013-05-26 Thread Steve Kinney
On 05/26/2013 03:43 PM, Michael Schumacher wrote:
> On 26.05.2013 21:07, Steve Kinney wrote:
> 
>> At present, the link to the Windows port on the Downloads page at
>> gimp.org is hidden behind a "show other downloads" link buried in
>> the middle of the page.
> 
> You're not using a Windows platform, are you?

Nope, left that nonsense behind ages ago.  At the moment my main
workstation is running Mint 14 w/Cinnamon, see:

http://pilobilus.net/linux_mint_review.html

For my take on the quality and reliability of Microsoft products,
see the sections on System Security and Hardware Level Attacks here:

http://pilobilus.net/comsec-101.html

I have pretty much settled on Debian Testing as a replacement for
Mint when it "expires" next year.

:o)

Steve





Re: [Gimp-user] gimpx? possible malicious software using Gimp name

2013-05-26 Thread Jernej Simončič
On Sun, 26 May 2013 15:07:06 -0400, Steve Kinney wrote:

> The owner of the domain name "gimpx.org" is hiding behind a
> pseudo-anonymous registrar.  That in itself is enough to rule out
> installing anything offered on the site.

My own domains all have privacy protection enabled - and one of them is the
first place where I offer the installers, often days before I upload them
to SourceForge.

-- 
< Jernej Simončič ><><><><>< http://eternallybored.org/ >



Re: [Gimp-user] gimpx? possible malicious software using Gimp name

2013-05-26 Thread Michael Schumacher

On 26.05.2013 21:07, Steve Kinney wrote:

> At present, the link to the Windows port on the Downloads page at
> gimp.org is hidden behind a "show other downloads" link buried in
> the middle of the page.

You're not using a Windows platform, are you?


--
Regards,
Michael


Re: [Gimp-user] gimpx? possible malicious software using Gimp name

2013-05-26 Thread Steve Kinney
On 05/26/2013 08:48 AM, Michael Schumacher wrote:
> On 25.05.2013 19:22, Michael Strout wrote:
>> Hi all,
>>   I just received a text message on google voice with something which
>> was made to look like a failed image embed that led to this page
>> http://imgsend.com/?photo=792MBQ which talked about requiring a gimp photo
>> viewer for a .JPG.GMP file.  Links lead to a gimpx.org domain which thing
>> looks like a malicious site crafted to fool windows users into installing
>> malware to me.
> 
> Yes, it is. See
> https://mail.gnome.org/archives/gimp-developer-list/2012-August/msg00074.html
> for an analysis, with slightly different urls.

The owner of the domain name "gimpx.org" is hiding behind a
pseudo-anonymous registrar.  That in itself is enough to rule out
installing anything offered on the site.

The hosting service where the gimpx.org website lives,
secureserver.net, presents a "404 page not found" notice at
http://secureserver.net/index.html, another strong indicator of
"other than honest" intentions.

>> If I'm incorrect and this is somehow a valid tool please let me
>> know to set my mind at ease.
> 
> This isn't a valid tool. Most likely a trojan.

Looks that way to me.  Maybe somebody who has the time and interest
will install it in a virtual machine and audit the results to
determine what the gimpx.org installer actually is/does.  But
directing users to the "real goods" provides a complete solution, so
why bother?

>> If not, does anyone know if there's something that can be done
>> about it?
> 
> Educating users would be the best approach. Any suggestions how to
> phrase a warning for www.gimp.org/downloads?

The Windows installation instructions in my GIMP tutorial for
beginners at http://pilobilus.net/gimp_tutorial.html conclude with:

Warning! Do not download the GIMP from unofficial websites offering
"Free Downloads." Sabotaged GIMP installers rigged with trojans have
been discovered in the wild.

The phrase "rigged with trojans" has a hyperlink to:

http://blog.meetthegimp.org/yay-mainstream-and-trojaned-gimp-installers/

It might be useful to put a warning like this on the front page of
the GIMP site, followed by a link to the relevant Sourceforge page
for the "real" Windows port.  The educational impact would be
substantial.

Also, the GIMP site's front page has a Google rank of 7 (out of 10
on a log scale), so a hyperlink here would add a lot of weight in
search result placement of the Sourceforge page for the GIMP
installer.  This would help prevent search engines from being
manipulated via SEO to send people to sites with trojanized GIMP
installers.

At present, the link to the Windows port on the Downloads page at
gimp.org is hidden behind a "show other downloads" link buried in
the middle of the page.  This is hard to justify, as the majority of
current and potential users are on Microsoft platforms.  The GIMP is
a *powerful* gateway drug for Free Software, so (literally) hiding
it from people who are using Microsoft junk does Linux advocacy no
favors.

I would be inclined to move the link for Windoze installers to the
top of the Downloads page on the GIMP website.  The higher on the
page this link appears, the more likely that a search engine will
direct would-be first time users there, rather than to a hosting
service for malware.

:o)

Steve





Re: [Gimp-user] gimpx? possible malicious software using Gimp name

2013-05-26 Thread Michael Schumacher

On 25.05.2013 19:22, Michael Strout wrote:

> Hi all,
>   I just received a text message on google voice with something which
> was made to look like a failed image embed that led to this page
> http://imgsend.com/?photo=792MBQ which talked about requiring a gimp photo
> viewer for a .JPG.GMP file.  Links lead to a gimpx.org domain which thing
> looks like a malicious site crafted to fool windows users into installing
> malware to me.

Yes, it is. See
https://mail.gnome.org/archives/gimp-developer-list/2012-August/msg00074.html
for an analysis, with slightly different urls.

> If I'm incorrect and this is somehow a valid tool please let me know to set
> my mind at ease.

This isn't a valid tool. Most likely a trojan.

> If not, does anyone know if there's something that can be done about it?

Educating users would be the best approach. Any suggestions how to
phrase a warning for www.gimp.org/downloads?



--
Regards,
Michael



Re: [Gimp-user] gimpx? possible malicious software using Gimp name

2013-05-26 Thread scl

On 25.05.13 at 7:22 PM Michael Strout wrote:

> http://imgsend.com/?photo=792MBQ which talked about requiring a gimp photo
> viewer for a .JPG.GMP file.  Links lead to a gimpx.org domain which thing

That is obviously an attempt to abuse GIMP's name for something
different, if not malicious activities.

GIMP's own image files don't have the GMP extension and GIMP's website is
not gimpx.org.
Don't let yourself be fooled.

Kind regards,

Sven




[Gimp-user] gimpx? possible malicious software using Gimp name

2013-05-26 Thread Michael Strout
Hi all,
 I just received a text message on google voice with something which
was made to look like a failed image embed that led to this page
http://imgsend.com/?photo=792MBQ which talked about requiring a gimp photo
viewer for a .JPG.GMP file.  Links lead to a gimpx.org domain which thing
looks like a malicious site crafted to fool windows users into installing
malware to me.

If I'm incorrect and this is somehow a valid tool please let me know to set
my mind at ease.  If not, does anyone know if there's something that can be
done about it?