Hackers use DRAFT emails as dead-drops for running malware

Sneaky hackers are using Gmail and Yahoo! drafts to control compromised devices, a tactic designed to make malware-related communications more difficult to detect in enterprise environments. Attacks occur in two phases. Hackers first infect a targeted machine via simple malware that installs Python onto …

  1. ecofeco Silver badge

    Thanks for the heads up

    Thanks for the heads up El Reg.

    As usual, all your virus articles are much appreciated!

  2. Anonymous Coward

    simple malware that installs Python onto the device

    Cool. Malware that performs a good deed.

    1. Boork!

      Public notice

      A dangerous virus called 'Python' was discovered on the school's computers by expert system administrator, Mr. Dummschmuck von Bluntknapp. The pupils responsible for this will be obliged to pay the full costs for its removal, and be expelled immediately.

      Signed: Drively K. Bletheringskite, Esq, Headmaster.

  3. Shannon Jacobs

    Why was this old news revived?

    Topic was reported recently, even in the Register. Why the revival today?

    Anyway, we actually could do something about the spam problem. Unfortunately, it would require better tools so that we could help break the spammers' business models, and the companies that could provide such tools obviously don't care that much.

    I know the google has gone EVIL, but I don't know how they are profiting from supporting the spammers. I guess that Microsoft supports the spammers out of professional courtesy, while Yahoo is too incompetent to worry about anything except scheduling their bankruptcy.

    1. Anonymous Coward

      Re: Why was this old news revived?

      I know the google has gone EVIL, but I don't know how they are profiting from supporting the spammers

      Their spam detection is 99% accurate for my domains - so they're providing a service that people actually like. I guess that's how they're benefiting.

    2. Anonymous Coward

      Re: Why was this old news revived?

      "help break the spammers' business models"

      Business models, huh? No, I'd go for breaking their fingers.

  4. Franklin

    "Nothing stands out as a red flag and it’s difficult to detect because no footprints are left behind," said the company.

    Shirley the draft emails themselves count as 'footprints,' no?

    1. Anonymous Coward

      Draft emails as footprint

      Yes they offer a signature.

      But it's on the far side of the internet, invisible to today's AV tools, yet readily accessible from the malware, assuming it knows the email password (?!).

  5. guillermo NL

    "the hacker uses drafts to ensure no mail ever crosses the firewall" (said a security firm). That escapes me. If a draft mail (having commands for or results from the compromised device) needs to be passed between a drafts folder on the web and that compromised machine (how would the malware get instructions?), that message will be transferred using one of the well-known mail protocols for doing so. Those can be inspected by firewalls and AV software may also sit in between? Results may vary, depending on the encryption of the payload.

    It may not be spotted by Yahoo or Gmail if they only check incoming and outgoing mails.

  6. Alan Denman

    devices ?

    and what will we see today through those obtuse Windows children ?
