Security Incidents mailing list archives
RE: Backdoor-CGT
From: "Security Guy" <securityguy () dslextreme com>
Date: Fri, 16 Jul 2004 08:34:43 -0700
We've done all that you list below, as much as possible, but I work in a large enterprise environment with thousands of users - someone will (and has) clicked on the embedded url. Despite numerous warnings and threats of dire consequences, it's just the statistics of human nature. If it was up to me, only a very, very few users would even have internet access; but I just work here!

- SG

-----Original Message-----
From: Nick FitzGerald [mailto:nick () virus-l demon co uk]
Sent: Thursday, July 15, 2004 5:52 PM
To: incidents () securityfocus com
Subject: Re: Backdoor-CGT

securityguy () dslextreme com wrote:
McAfee, and several news outlets, are reporting the spread of this trojan horse. Info at http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=126681 One of the entries at McAfee is that blocking genmexe.biz prevents downloading the trojan. Has anyone seen an ip address for this url?
I believe that site has been taken down, but the same Trojan has been seen on other sites.

Why not patch your clients and/or simply block all .EXEs from the web with a proper content-filtering gateway running in transparent proxy mode? At least that will give you surer coverage of what to worry about next rather than having to continually wonder if a new bit of spam with a new location for that download got through...

And why aren't you asking about the several dozen other similar exploits being actively spammed and pushed through popups and IM and, and, and... ?????

Are you really sure you have kept on top of all those sites and their IP addresses and where they moved since yesterday?

Blacklisting is no solution to these kinds of things -- find something smarter to waste your time on...

Regards,
Nick FitzGerald