Thanks for sharing this; I must admit to having missed it in a different community discussion back in May. We're running down the indicators of compromise now and will work this into our alerting scheme as best we can.
Sam Hooker | [log in to unmask]
Information Security Engineer
Enterprise Technology Services
The University of Vermont
On 20150701, at 08:51, Scott E Turnbull <[log in to unmask]> wrote:
> A pointer to an article about the existence of a corrupted PuTTY build ran through my feeds today.
> Apparently this was identified in the wild a couple of years ago, and there are various security filters that have been used in different places to prevent downloads, catch errant network activity, etcetera.
> I know that PuTTY is on the UVM software download page.
> Have there been any explicit actions on the UVM network taken to identify/intercept the bogus PuTTY activity described in the Fortinet article?
> Scott Turnbull
> EPSCoR Software Engineer