Python has arrived!

Ian Kelly ian.g.kelly at gmail.com
Fri Nov 7 05:43:00 CET 2014


On Nov 6, 2014 10:47 PM, "Sturla Molden" <sturla.molden at gmail.com> wrote:
>
> Grant Edwards <invalid at invalid.invalid> wrote:
> > According to
> >
http://www.theregister.co.uk/2014/11/06/hackers_use_gmail_drafts_as_dead_drops_to_control_malware_bots
:
> >
> >   "Attacks occur in two phases. Hackers first infect a targeted
> >    machine via simple malware that installs Python onto the device,
> >    [...]"
> >
>
> A virus that runs on Python. It had to happen sooner or later.

It's not a Python virus. The infection vector can be anything. The
interesting part is that they're using browser automation to open a
real-time, encrypted, virtually undetectable and untraceable channel to the
malware over a port (443) that is frequently used and very rarely blocked,
via a host (gmail.com) that is also frequently used and rarely blocked (and
there would likely be plenty of alternatives to choose from if it were),
and without needing to create any sort of server on the target machine. The
fact that Python is involved is incidental.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-list/attachments/20141106/130bee5d/attachment.html>


More information about the Python-list mailing list