On Thu, May 17, 2018 at 5:26 AM, Ryan Saunders <saund...@aggienetwork.com> wrote:
> Hello webmaster,
>
> A little over a week ago, I got hit by a rather nasty virus…one of those “ransomware” viruses that encrypts everything on your disk and then demands bitcoin payment in exchange for the decryption key. Yuck.
>
> One potential way in which this virus might have gotten onto my system is via a version of Python I downloaded, as I was working on a script to auto-download Python around that time. It’s a bit difficult to be sure, since (a) my antivirus (Windows Defender) didn’t notice the virus at all and (b) most files on my HDD are now hopelessly encrypted, including the copies of Python I downloaded, which makes postmortem analysis…difficult.
>
> I plan to do some more investigation to try to determine exactly how I got this bug, but I thought it prudent to bring this to your attention quickly, just in case Python actually *was* the infection vector, so that you can remove any infected files from your download site.
>
> If I recall correctly, the versions of Python that I was working with were the following:
>
> - https://www.python.org/ftp/python/3.7.0/python-3.7.0b4-amd64.exe
> - https://www.python.org/ftp/python/3.7.0/python-3.7.0b4-embed-amd64.zip
> - https://www.python.org/ftp/python/3.7.0/python-3.7.0b3-amd64.exe
> - https://www.python.org/ftp/python/3.7.0/python-3.7.0b3-embed-amd64.zip
> - https://www.python.org/ftp/python/3.6.5/python-3.6.5-amd64.exe
> - https://www.python.org/ftp/python/3.6.5/python-3.6.5-embed-amd64.zip
>
> The virus is the “Arrow” virus, which most antivirus sites identify as a variant of the “dharma/crysys” family of malware. Unfortunately, Windows Defender did not catch it, so I’m not sure what AV tools to recommend. But I do suggest scanning the above files with whatever AV tools are at your disposal, just to be on the safe side, so that no one else contracts this thing.
>
> If I am later able to determine conclusively the source of my infection, I will let you know.
>
> Ryan
>
> Sent from Mail <https://go.microsoft.com/fwlink/?LinkId=550986> for Windows 10
>
> _______________________________________________
> Webmaster mailing list
> webmas...@python.org
> https://mail.python.org/mailman/listinfo/webmaster

Hi Ryan,

Thanks for your note, and I'm sorry to hear that you have fallen victim to malware.

I suspect the probability of a virus in the official installer distributions is very low. I understand that the release process for Windows does involve anti-virus scans, and I am not personally aware of even any false positives on 3.6.

Since 3.7.0 is a pre-release I am notifying the developers list as a precaution. You will hear from them if they require any further information.

Good luck restoring your system.

regards
Steve