Hi,

recently, we're seeing more and more sign of GIMP becoming mainstream - the availability of several GIMP installers for the Microsoft Windows platforms loaded with trojans is certainly an indication for that.

The most common trojan seems to be InstallIQ. A piece of software that grants the providers of the actual installers plausible deniability because the installers itself is clean, and because the user has to agree to install additional "utilities" during setup.

Case 1:

Step 1: the victim is sent a scam mail pointing to a file at photo-host.net/ (which disguses as a image upload site).

Step 2: the files provided there are .gmp files (huh?)

Step 3: for viewing those files, there's a link to gimphost.com, where the infected installer is located

Case 2:

Another victim or culprit of a related scam seems to be the gimpshop.com site, which used to host a modifed version of GIMP which resembled the Photoshop UI. Either its original author has gone to the Dark Side, or that site has been taken over by a scammer - it is distributing InstallIQ-infected installers.

Advice:

If you see any GIMP installer sites which have a fine print with phrases like

"is distributing a modified installer which is different from the original ones"

or

"InstallIQ"

or

"the installer is compliant with the original software manufacturer's policies"

then do the following:

STAY AWAY FROM THEM!