<div dir="ltr"><div class="gmail_default" style="font-size:small">On Thu, May 17, 2018 at 5:26 AM, Ryan Saunders <span dir="ltr"><<a href="mailto:saunders@aggienetwork.com" target="_blank">saunders@aggienetwork.com</a>></span> wrote:<br></div><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">





<div lang="EN-US" link="blue" vlink="#954F72">
<div class="m_-1885871861842859729WordSection1">
<p class="MsoNormal">Hello webmaster,</p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">A little over a week ago, I got hit by a rather nasty virus…one of those “ransomware” viruses that encrypts everything on your disk and then demands bitcoin payment in exchange for the decryption key. Yuck.</p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">One potential way in which this virus might have gotten onto my system is via a version of Python I downloaded, as I was working on a script to auto-download Python around that time. It’s a bit difficult to be sure, since (a) my antivirus
 (Windows Defender) didn’t notice the virus at all and (b) most files on my HDD are now hopelessly encrypted, including the copies of Python I downloaded, which makes postmortem analysis…difficult.</p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">I plan to do some more investigation to try to determine exactly how I got this bug, but I thought it prudent to bring this to your attention quickly, just in case Python actually
<i>was</i> the infection vector, so that you can remove any infected files from your download site.</p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">If I recall correctly, the versions of Python that I was working with were the following:</p>
<ul style="margin-top:0in" type="disc">
<li class="m_-1885871861842859729MsoListParagraph" style="margin-left:0in"><a href="https://www.python.org/ftp/python/3.7.0/python-3.7.0b4-amd64.exe" target="_blank">https://www.python.org/ftp/<wbr>python/3.7.0/python-3.7.0b4-<wbr>amd64.exe</a></li><li class="m_-1885871861842859729MsoListParagraph" style="margin-left:0in"><a href="https://www.python.org/ftp/python/3.7.0/python-3.7.0b4-embed-amd64.zip" target="_blank">https://www.python.org/ftp/<wbr>python/3.7.0/python-3.7.0b4-<wbr>embed-amd64.zip</a></li><li class="m_-1885871861842859729MsoListParagraph" style="margin-left:0in"><a href="https://www.python.org/ftp/python/3.7.0/python-3.7.0b3-amd64.exe" target="_blank">https://www.python.org/ftp/<wbr>python/3.7.0/python-3.7.0b3-<wbr>amd64.exe</a></li><li class="m_-1885871861842859729MsoListParagraph" style="margin-left:0in"><a href="https://www.python.org/ftp/python/3.7.0/python-3.7.0b3-embed-amd64.zip" target="_blank">https://www.python.org/ftp/<wbr>python/3.7.0/python-3.7.0b3-<wbr>embed-amd64.zip</a></li><li class="m_-1885871861842859729MsoListParagraph" style="margin-left:0in"><a href="https://www.python.org/ftp/python/3.6.5/python-3.6.5-amd64.exe" target="_blank">https://www.python.org/ftp/<wbr>python/3.6.5/python-3.6.5-<wbr>amd64.exe</a></li><li class="m_-1885871861842859729MsoListParagraph" style="margin-left:0in"><a href="https://www.python.org/ftp/python/3.6.5/python-3.6.5-embed-amd64.zip" target="_blank">https://www.python.org/ftp/<wbr>python/3.6.5/python-3.6.5-<wbr>embed-amd64.zip</a></li></ul>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">The virus is the “Arrow” virus, which most antivirus sites identify as a variant of the “dharma/crysis” family of malware. Unfortunately, Windows Defender did not catch it, so I’m not sure what AV tools to recommend. But I do suggest scanning
 the above files with whatever AV tools are at your disposal, just to be on the safe side, so that no one else contracts this thing.</p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">If I am later able to determine conclusively the source of my infection, I will let you know.</p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Ryan</p>
</div>
</div>

<br>______________________________<wbr>_________________<br>
Webmaster mailing list<br>
<a href="mailto:Webmaster@python.org">Webmaster@python.org</a><br>
<a href="https://mail.python.org/mailman/listinfo/webmaster" rel="noreferrer" target="_blank">https://mail.python.org/<wbr>mailman/listinfo/webmaster</a><br>
<br></blockquote></div><div class="gmail_default" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Hi Ryan,</div><div class="gmail_default" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial"><br></div><div class="gmail_default" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Thanks for your note, and I'm sorry to hear that you have fallen victim to malware.</div><div class="gmail_default" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial"><br></div><div class="gmail_default" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">I suspect the probability of a virus in the official 
installer distributions is very low. I understand that the release process for Windows does involve anti-virus scans, and I am not personally aware of even any false positives on 3.6.</div><div class="gmail_default" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial"><br></div><div class="gmail_default" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Since 3.7.0 is a pre-release I am notifying the developers list as a precaution. You will hear from them if they require any further information.<br class="gmail-Apple-interchange-newline"></div><div class="gmail_default" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial"><br></div><div class="gmail_default" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Good luck restoring your system.</div><div class="gmail_default" 
style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial"><br></div><div class="gmail_default" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">regards</div><div class="gmail_default" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial"> Steve</div><div class="gmail_default" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial"><br></div><br class="gmail-Apple-interchange-newline"><br></div></div>