Intruders Use Draft Email Messages for Attacks
According to a recent report in Wired Magazine, the security firm Shape Security has discovered a new attack method that uses draft email messages to send commands to a compromised system. Most network security systems watch closely for command and control messages that might indicate an attack underway. By hiding the commands in email drafts, the attackers circumvent defense techniques that monitor TCP/IP traffic, and they even avoid defenses that look for attacks through regular email delivery.
Versions of the attack use a webmail system, such as Gmail. The attacker first installs Python on a compromised system and configures it to run scripts saved in the mail draft folder. After that, the attacker just needs to log in to the mail account and save a script within a draft message. When the account is accessed from the client, the script executes. Because the attack is triggered through an ordinary service that does not leave a trace of clandestine activity, it is very difficult to discover. This attack is apparently a variant of the Icoscrript attack, which was discovered last summer.
Wired points out that this attack is oddly reminiscent of the behavior of US Army General David Patraeus and his former lover Paula Broadwell, who apparently used the draft folder in a shared Gmail account to send each other secret love notes.
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.