Hi all,
I have an urgent matter I want to bring to your attention.
If you can look into this and confirm, it would be great.
Yesterday, one of our employees downloaded the Windows
version from Gimpshop.com. Our IT team alerted us to a trojan
horse infection. See below:

Classification: Trojan Horse Infection

Description: This incident is a real-time notification for a malware
infected host detected on your monitored network. This infection was
identified by analyzing your monitored security device logs for known
patterns fitting a profile for Trojan horse or backdoor activity.

A Trojan horse is a type of malware characterized by its ability to
masquerade as a legitimate application. Many Trojan horses have
backdoor communications capabilities. Backdoors allow remote attackers
to gather information from or otherwise access the infected host.

A malware infected host residing on your protected network poses a
risk to your organization. Many types of malware are multi-functional
and have network propagation, remote control, data theft and various
other capabilities.

Analyst assessment: The host identified as the source IP address
appears to be infected with Trojan LilyJade. The SOC recommends
triaging this host for malware infection.

Can you confirm that this website is serving up malicious
content? It seems they are not affiliated with Gimp.org, but
are willfully confusing consumers? If so, can you guys get
this site shut down and report to search engines like Google
to block them, their domain registrar, and to major security
providers? It may be a good idea to notify all of the journalists
who have written articles that link to this site as well.
Thanks!
-Vu