Security Incidents mailing list archives

Re: Backdoor-CGT


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Fri, 16 Jul 2004 12:51:44 +1200

securityguy () dslextreme com wrote:

> McAfee, and several news outlets, are reporting the spread of this trojan
> horse.  Info at
> http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=126681
>
> One of the entries at McAfee is that blocking genmexe.biz prevents
> downloading the trojan.  Has anyone seen an ip address for this url?

I believe that site has been taken down, but the same Trojan has been
seen on other sites.

Why not patch your clients and/or simply block all .EXEs from the web 
with a proper content-filtering gateway running in transparent proxy 
mode?

At least that will give you surer coverage of what to worry about next 
rather than having to continually wonder if a new bit of spam with a 
new location for that download got through...

And why aren't you asking about the several dozen other similar 
exploits being actively spammed and pushed through popups and IM and, 
and, and... ?????  Are you really sure you have kept on top of all 
those sites and their IP addresses and where they moved since 
yesterday?

Blacklisting is no solution to these kinds of things -- find something
smarter to waste your time on...


Regards,

Nick FitzGerald
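
The contrast drawn in the reply above, as an added example that is not part of the original post: a per-host blacklist is compared with a content-based check of the kind a filtering gateway could apply to every web response. All URLs other than the genmexe.biz host name, the function names and the sample bodies are constructed for illustration.

```python
import struct
from urllib.parse import urlsplit

# Constructed blacklist holding the one host named in the thread.
HOST_BLACKLIST = {"genmexe.biz"}
# MIME types commonly used for Windows executables.
EXE_TYPES = {"application/x-msdownload",
             "application/vnd.microsoft.portable-executable"}

def blocked_by_blacklist(url):
    """Per-site approach: block only hosts already known to be bad."""
    return (urlsplit(url).hostname or "").lower() in HOST_BLACKLIST

def looks_like_pe(body):
    """True if body has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(body) < 0x40 or body[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", body, 0x3C)
    return body[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def blocked_by_content(url, content_type, body):
    """Gateway approach: block executables wherever they come from."""
    if urlsplit(url).path.lower().endswith(".exe"):
        return True
    if content_type.split(";")[0].strip().lower() in EXE_TYPES:
        return True
    return looks_like_pe(body)  # catches renamed or mislabelled files

def sample_pe():
    """Constructed 84-byte stub: just enough header to carry both signatures."""
    return b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\0\0" + bytes(16)

# Constructed responses: (url, Content-Type, body)
SAMPLES = [
    ("http://genmexe.biz/constructed/file.exe", "application/octet-stream", sample_pe()),
    ("http://moved.example/images/card.jpg", "image/jpeg", sample_pe()),
    ("http://www.example.org/index.html", "text/html; charset=utf-8", b"<html></html>"),
]

def evaluate(samples=SAMPLES):
    """Return (url, blocked by blacklist, blocked by content filter) per sample."""
    return [(url, blocked_by_blacklist(url), blocked_by_content(url, ctype, body))
            for url, ctype, body in samples]

if __name__ == "__main__":
    for url, by_list, by_content in evaluate():
        print(f"{url}: blacklist={by_list} content_filter={by_content}")
```

The second sample is the case the reply is about: the same file served from a host that is not yet on any list passes the blacklist and is still stopped by the content check.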

