Re: [Gimp-web] Gimpshop.com

From: Vu Le <Vu_Le symantec com>
To: Alexandre Prokoudine <alexandre prokoudine gmail com>, "gimp-web-list gnome org" <gimp-web-list gnome org>
Subject: Re: [Gimp-web] Gimpshop.com
Date: Thu, 12 Jul 2012 10:38:47 -0700

Thanks Alex, I didn't realize that modifications were legal. I'll communicate this back to our IT team. Cheers!

From: Alexandre Prokoudine <alexandre prokoudine gmail com>
To: "gimp-web-list gnome org" <gimp-web-list gnome org>
Cc: Vu Le <Vu_Le symantec com>
Subject: Re: [Gimp-web] Gimpshop.com

Hi,

We have no relation to GIMPshop whatsoever. That product is a modified version of GIMP, we do not control it and we have no direct contacts to the owner. For all we know, the site could be hacked, and malware could be placed instead of the actual software. Another possibility is a false alarm which seems to be somewhat common.

P.S. Modifications such as GIMPshop are perfectly legal.

Alexandre Prokoudine
http://libregraphicsworld.org

On Thu, Jul 12, 2012 at 9:00 PM, Vu Le <Vu_Le symantec com> wrote:

Hi all,

I have an urgent matter I want to bring to your attention. If you can look into this and confirm, it would be great.

Yesterday, one of our employees downloaded the Windows version from Gimpshop.com. Our IT team alerted us to a trojan horse infection. See below:

Classification:
Trojan Horse Infection
Description:
This incident is a real-time notification for a malware infected host detected on your monitored network. This infection was identified by analyzing your monitored security device logs for known patterns fitting a profile for Trojan horse or backdoor activity.

A Trojan horse is a type of malware characterized by its ability to masquerade as a legitimate application. Many Trojan horses have backdoor communications capabilities. Backdoors allow remote attackers to gather information from or otherwise access the infected host.

A malware infected host residing on your protected network poses a risk to your organization. Many types of malware are multi-functional and have network propagation, remote control, data theft and various other capabilities.
Analyst assessment:
The host identified as the source IP address appears to be infected with Trojan LilyJade. The SOC recommends triaging this host for malware infection.

Can you confirm that this website is serving up malicious content? It seems they are not affiliated with Gimp.org, but are willfully confusing consumers? If so, can you guys get this site shut down and report to search engines like Google to block them and to major security providers?

Thanks!

-Vu

_______________________________________________
gimp-web-list mailing list
gimp-web-list gnome org
https://mail.gnome.org/mailman/listinfo/gimp-web-list

References:
- Re: [Gimp-web] Gimpshop.com
  - From: Alexandre Prokoudine

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]