Re: [Gimp-user] Gimpshop.com

2012-07-13 Thread Michael Natterer
On Thu, 2012-07-12 at 10:10 -0700, Vu Le wrote:
> Hi all,
> 
> I have an urgent matter I want to bring to your attention. If you can look 
> into this and confirm, it would be great.

Thanks for making the list aware of this, but the GIMP developers have
nothing to do with gimpshop, it's a separate project that doesn't
communicate with upstream.

--mitch

> Yesterday, one of our employees downloaded the Windows version from 
> Gimpshop.com. Our IT team alerted us to a trojan horse infection. See below:
> 
> Classification:
> 
> Trojan Horse Infection
> 
> Description:
> 
> This incident is a real-time notification for a malware infected host 
> detected on your monitored network. This infection was identified by 
> analyzing your monitored security device logs for known patterns fitting a 
> profile for Trojan horse or backdoor activity.
> 
> A Trojan horse is a type of malware characterized by its ability to 
> masquerade as a legitimate application. Many Trojan horses have backdoor 
> communications capabilities. Backdoors allow remote attackers to gather 
> information from or otherwise access the infected host.
> 
> A malware infected host residing on your protected network poses a risk to 
> your organization. Many types of malware are multi-functional and have 
> network propagation, remote control, data theft and various other 
> capabilities.
> 
> Analyst assessment:
> 
> The host identified as the source IP address appears to be infected with 
> Trojan LilyJade. The SOC recommends triaging this host for malware infection.
> 
> 
> 
> Can you confirm that this website is serving up malicious content? It seems 
> they are not affiliated with Gimp.org, but are willfully confusing consumers? 
> If so, can you guys get this site shut down and report to search engines like 
> Google to block them, their domain registrar, and to major security 
> providers? It may be a good idea to notify all of the journalists who have 
> written articles that link to this site as well.
> 
> Thanks!
> 
> -Vu
> ___
> gimp-user-list mailing list
> gimp-user-list@gnome.org
> https://mail.gnome.org/mailman/listinfo/gimp-user-list




Re: [Gimp-user] Gimpshop.com

2012-07-12 Thread Steve Kinney
On 07/12/2012 01:39 PM, Tom Williams wrote:
> On 07/12/2012 10:10 AM, Vu Le wrote:
>> Hi all,
>>
>> I have an urgent matter I want to bring to your attention. If you
>> can look into this and confirm, it would be great.
>>
>> Yesterday, one of our employees downloaded the Windows version
>> from Gimpshop.com. Our IT team alerted us to a trojan horse
>> infection. See below:
>>
>> Classification:  
>>
>> Trojan Horse Infection

Worthy of notice:  The trojan in question is not a trojan, it is a
worm.  It resides on cracked web servers.  There is no indication
that the Gimpshop installer itself is infected.

LilyJade is a browser hijacker that can take control of all the
"major brands" of browser.  Apparently it only works on Microsoft
platforms, which may be why it is being called a "virus."

For a moment there I thought that the GIMP was getting so popular
that some crackers thought it was worth the effort to break into a
site hosting a minor variant of it, to plant a rigged version.
Alas, no such "luck."

:o/

Steve






Re: [Gimp-user] Gimpshop.com

2012-07-12 Thread Tom Williams
On 07/12/2012 10:10 AM, Vu Le wrote:
> Hi all,
>
> I have an urgent matter I want to bring to your attention. If you can
> look into this and confirm, it would be great.
>
> Yesterday, one of our employees downloaded the Windows version from
> Gimpshop.com. Our IT team alerted us to a trojan horse infection. See
> below:
>
> Classification:
>
>   
>
> Trojan Horse Infection
>
> Description:
>
>   
>
> This incident is a real-time notification for a malware infected host
> detected on your monitored network. This infection was identified by
> analyzing your monitored security device logs for known patterns
> fitting a profile for Trojan horse or backdoor activity.
>
> A Trojan horse is a type of malware characterized by its ability to
> masquerade as a legitimate application. Many Trojan horses have
> backdoor communications capabilities. Backdoors allow remote attackers
> to gather information from or otherwise access the infected host.
>
> A malware infected host residing on your protected network poses a
> risk to your organization. Many types of malware are multi-functional
> and have network propagation, remote control, data theft and various
> other capabilities.
>
> Analyst assessment:
>
>   
>
> The host identified as the source IP address appears to be infected
> with Trojan LilyJade. The SOC recommends triaging this host for
> malware infection. 
>
>
>
> Can you confirm that this website is serving up malicious content? It
> seems they are not affiliated with Gimp.org, but are willfully
> confusing consumers? If so, can you guys get this site shut down and
> report to search engines like Google to block them, their domain
> registrar, and to major security providers? It may be a good idea
> to notify all of the journalists who have written articles that link to
> this site as well.
>
> Thanks!
>
> -Vu
>

I'm not on the Gimp development team but a Sucuri scan of the
gimpshop.com site did reveal the site HAS been blacklisted by McAfee's
SiteAdvisor.

Peace...

Tom


[Gimp-user] Gimpshop.com

2012-07-12 Thread Vu Le
Hi all,

I have an urgent matter I want to bring to your attention. If you can look into 
this and confirm, it would be great.

Yesterday, one of our employees downloaded the Windows version from 
Gimpshop.com. Our IT team alerted us to a trojan horse infection. See below:

Classification:

Trojan Horse Infection

Description:

This incident is a real-time notification for a malware infected host detected 
on your monitored network. This infection was identified by analyzing your 
monitored security device logs for known patterns fitting a profile for Trojan 
horse or backdoor activity.

A Trojan horse is a type of malware characterized by its ability to masquerade 
as a legitimate application. Many Trojan horses have backdoor communications 
capabilities. Backdoors allow remote attackers to gather information from or 
otherwise access the infected host.

A malware infected host residing on your protected network poses a risk to your 
organization. Many types of malware are multi-functional and have network 
propagation, remote control, data theft and various other capabilities.

Analyst assessment:

The host identified as the source IP address appears to be infected with Trojan 
LilyJade. The SOC recommends triaging this host for malware infection.



Can you confirm that this website is serving up malicious content? It seems 
they are not affiliated with Gimp.org, but are willfully confusing consumers? 
If so, can you guys get this site shut down and report to search engines like 
Google to block them, their domain registrar, and to major security providers? 
It may be a good idea to notify all of the journalists who have written articles 
that link to this site as well.

Thanks!

-Vu