Re: [Gimp-user] Gimpshop.com
On Thu, 2012-07-12 at 10:10 -0700, Vu Le wrote:
> Hi all,
>
> I have an urgent matter I want to bring to your attention. If you can look
> into this and confirm, it would be great.

Thanks for making the list aware of this, but the GIMP developers
have nothing to do with gimpshop, it's a separate project that
doesn't communicate with upstream.

--mitch

> Yesterday, one of our employees downloaded the Windows version from
> Gimpshop.com. Our IT team alerted us to a trojan horse infection. See below:
>
> Classification:
>
> Trojan Horse Infection
>
> Description:
>
> This incident is a real-time notification for a malware infected host
> detected on your monitored network. This infection was identified by
> analyzing your monitored security device logs for known patterns fitting a
> profile for Trojan horse or backdoor activity.
>
> A Trojan horse is a type of malware characterized by its ability to
> masquerade as a legitimate application. Many Trojan horses have backdoor
> communications capabilities. Backdoors allow remote attackers to gather
> information from or otherwise access the infected host.
>
> A malware infected host residing on your protected network poses a risk to
> your organization. Many types of malware are multi-functional and have
> network propagation, remote control, data theft and various other
> capabilities.
>
> Analyst assessment:
>
> The host identified as the source IP address appears to be infected with
> Trojan LilyJade. The SOC recommends triaging this host for malware infection.
>
> Can you confirm that this website is serving up malicious content? It seems
> they are not affiliated with Gimp.org, but are willfully confusing consumers?
> If so, can you guys get this site shut down and report to search engines like
> Google to block them, their domain registrar, and to major security
> providers? It may be a good idea to notify all of the journalists who have
> written articles that link to this site as well.
>
> Thanks!
>
> -Vu
> ___
> gimp-user-list mailing list
> gimp-user-list@gnome.org
> https://mail.gnome.org/mailman/listinfo/gimp-user-list

___
gimp-user-list mailing list
gimp-user-list@gnome.org
https://mail.gnome.org/mailman/listinfo/gimp-user-list

Re: [Gimp-user] Gimpshop.com
On 07/12/2012 01:39 PM, Tom Williams wrote:
> On 07/12/2012 10:10 AM, Vu Le wrote:
>> Hi all,
>>
>> I have an urgent matter I want to bring to your attention. If you
>> can look into this and confirm, it would be great.
>>
>> Yesterday, one of our employees downloaded the Windows version
>> from Gimpshop.com. Our IT team alerted us to a trojan horse
>> infection. See below:
>>
>> Classification:
>>
>> Trojan Horse Infection

Worthy of notice: The trojan in question is not a trojan, it is a
worm. It resides on cracked web servers. There is no indication
that the Gimpshop installer itself is infected.

LilyJade is a browser hijacker that can take control of all the
"major brands" of browser. Apparently it only works on Microsoft
platforms, which may be why it is being called a "virus."

For a moment there I thought that the GIMP was getting so popular
that some crackers thought it was worth the effort to break into a
site hosting a minor variant of it, to plant a rigged version.
Alas, no such "luck."

:o/

Steve

Re: [Gimp-user] Gimpshop.com
On 07/12/2012 10:10 AM, Vu Le wrote:
> Hi all,
>
> I have an urgent matter I want to bring to your attention. If you can
> look into this and confirm, it would be great.
>
> Yesterday, one of our employees downloaded the Windows version from
> Gimpshop.com. Our IT team alerted us to a trojan horse infection. See
> below:
>
> Classification:
>
> Trojan Horse Infection
>
> Description:
>
> This incident is a real-time notification for a malware infected host
> detected on your monitored network. This infection was identified by
> analyzing your monitored security device logs for known patterns
> fitting a profile for Trojan horse or backdoor activity.
>
> A Trojan horse is a type of malware characterized by its ability to
> masquerade as a legitimate application. Many Trojan horses have
> backdoor communications capabilities. Backdoors allow remote attackers
> to gather information from or otherwise access the infected host.
>
> A malware infected host residing on your protected network poses a
> risk to your organization. Many types of malware are multi-functional
> and have network propagation, remote control, data theft and various
> other capabilities.
>
> Analyst assessment:
>
> The host identified as the source IP address appears to be infected
> with Trojan LilyJade. The SOC recommends triaging this host for
> malware infection.
>
> Can you confirm that this website is serving up malicious content? It
> seems they are not affiliated with Gimp.org, but are willfully
> confusing consumers? If so, can you guys get this site shut down and
> report to search engines like Google to block them, their domain
> registrar, and to major security providers? It may be a good idea
> to notify all of the journalists who have written articles that link to
> this site as well.
>
> Thanks!
>
> -Vu
>

I'm not on the Gimp development team but a Sucuri scan of the
gimpshop.com site did reveal the site HAS been blacklisted by McAfee's
SiteAdvisor.

Peace...

Tom