* Posts by guillermo NL

1 publicly visible post • joined 7 Nov 2014

Hackers use DRAFT emails as dead-drops for running malware

guillermo NL

"the hacker uses drafts to ensure no mail ever crosses the firewall" (said a security firm). That escapes me. If a draft mail (having commands for or results from the compromised device) needs to be passed between a drafts folder on the web and that compromised machine (how would the malware get instructions?), that message will be transferred using one of the well-known mail protocols for doing so. Those can be inspected by firewalls, and AV software may also sit in between? Results may vary, depending on the encryption of the payload.

It may not be spotted by Yahoo or Gmail if they only check incoming and outgoing mails.