Security Incidents mailing list archives
Re: Backdoor-CGT
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Fri, 16 Jul 2004 12:51:44 +1200
securityguy () dslextreme com wrote:
McAfee, and several news outlets, are reporting the spread of this trojan horse. Info at http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=126681 One of the entries at McAfee is that blocking genmexe.biz prevents dowloading the trojan. Has anyone seen an ip address for this url?
I believe that site has been taken down, but the same Trojan has been seen on other sitess. Why not patch your clients and/or simply block all .EXEs from the web with a proper content-filtering gateway running in transparent proxy mode? At least that will give you surer coverage of what to worry about next rather than having to continually wonder if a new bit of spam with a new location for that download got through... And why aren't you asking about the several dozen other similar exploits being actively spammed and pushed through popups and IM and, and, and... ????? Are you really sure you have kept on top of all those sites and their IP addresses and where they moved since yesterday? Blacklisting is no solution to these kinds of things -- find soemthing smarter to waste your time on... Regards, Nick FitzGerald
Current thread:
- Backdoor-CGT securityguy (Jul 15)
- Re: Backdoor-CGT Nick FitzGerald (Jul 16)
- RE: Backdoor-CGT Security Guy (Jul 16)
- Re: Backdoor-CGT Mike Barushok (Jul 16)
- <Possible follow-ups>
- RE: Backdoor-CGT Tim . Spakowski (Jul 16)
- RE: Backdoor-CGT James C Slora Jr (Jul 16)
- Re: Backdoor-CGT Nick FitzGerald (Jul 16)