Python Forum
Malware in Python 32-bit Installer v 3.2.4 Windows
#1
Hi All,

Just registered to let you know about a possible issue with one of your files. I assume this is the most appropriate place (issues to be reported here).

Hope not wasting anyone's time with false positive but I downloaded the 32-bit msi for version 3.2.4 for Windows. As usual ran a virus scan and it came up with the following result

(Checked using this online tool: https://www.virustotal.com/ )

Infected with :
Win32.Trojan.WisdomEyes.16070401.9500.9884

https://www.python.org/download/releases/3.2.4/

I checked another version's msi file and it was fine with no malware detected.

Unless I did something wrong the msi sig matched the file okay (checked with Kleopatra on Windows) so it has not been replaced though the program could not verify the certificate used (am assuming this part fine as it's not centrally certified though I'm unsure).

Just thought I would raise here. :)
Cheers,

Clown
Reply
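What post #1 describes from Kleopatra (the signature matches the file, but the certificate could not be verified) corresponds to a good signature made by a key whose ownership has not been established locally. The following is an added example, not code from the thread or from python.org: it parses GnuPG's machine-readable `--status-fd` output and separates that case from a tampered file. The status lines, key ID and fingerprint are constructed placeholders, and a single signature per file is assumed.

```python
# Added example: interpret the output of
#   gpg --status-fd 1 --verify FILE.asc FILE
# All sample status lines, key IDs and fingerprints below are constructed.

TRUST_LINES = {"TRUST_UNDEFINED", "TRUST_NEVER", "TRUST_MARGINAL",
               "TRUST_FULLY", "TRUST_ULTIMATE"}
FAILURES = {"BADSIG", "ERRSIG", "NO_PUBKEY", "EXPKEYSIG", "REVKEYSIG"}

PLACEHOLDER_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
SAMPLE_UNTRUSTED = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <rm@example.invalid>\n"
    "[GNUPG:] VALIDSIG " + PLACEHOLDER_FPR + " 2018-01-01 1514764800 0 4 0 1 2 00 "
    + PLACEHOLDER_FPR + "\n"
    "[GNUPG:] TRUST_UNDEFINED 0 pgp\n"
)
SAMPLE_TAMPERED = "[GNUPG:] BADSIG 89ABCDEF01234567 Example Signer <rm@example.invalid>\n"


def assess(status_output, pinned_fingerprint=None):
    """Return (verdict, detail) for one detached-signature check."""
    good, fingerprints, trust = False, set(), None
    for line in status_output.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        keyword, args = fields[1], fields[2:]
        if keyword in FAILURES:
            return "reject", keyword          # file altered, or key unusable
        if keyword == "GOODSIG":
            good = True                       # signature matches the file
        elif keyword == "VALIDSIG" and args:
            # first field: signing (sub)key; last field: primary key
            fingerprints = {args[0].upper(), args[-1].upper()}
        elif keyword in TRUST_LINES:
            trust = keyword
    if not good or not fingerprints:
        return "reject", "no valid signature reported"
    if pinned_fingerprint:
        # Fingerprint obtained out of band, e.g. from the publisher's site
        if pinned_fingerprint.replace(" ", "").upper() in fingerprints:
            return "accept", "signed by the pinned key"
        return "reject", "signed by an unexpected key"
    if trust in ("TRUST_FULLY", "TRUST_ULTIMATE"):
        return "accept", "key is trusted in the local keyring"
    return "unverified-key", "file matches signature; signer identity not confirmed"
```

An `unverified-key` result means the file is intact relative to whoever holds that key; comparing the key's fingerprint against one published by the release manager is what closes the remaining gap.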
#2
None of the users here are the developers handling python at this forum. This forum is for helping with programming in python.

https://docs.python.org/3.1/bugs.html
Reply
#3
Okay, thanks for moving. Guess this can stay here for awareness.

The link you provided appears to be for bug reports on Python itself rather than the installer being corrupted. I will just email.

Thanks,

Clown
Reply
#4
Actually, we are a Python Forum and not a part of the Python Organization. If you feel that there is a bug in the software, you should report it to https://bugs.python.org/, giving as much detail as possible.

That said, version 3.2.4 has been out for quite some time (consider they are now at 3.6.4) and has been installed perhaps thousands of times and there have not been any bugs reported concerning viruses. You mention only using one virus detection tool, which would lead me to think it was a false positive, particularly if the file and key match. You didn't mention which version of Windows you are running or why you are trying to run such an old version of Python but you might want to try a second virus detector and see if you get the same result.
If it ain't broke, I just haven't gotten to it yet.
OS: Windows 10, openSuse 42.3, freeBSD 11, Raspian "Stretch"
Python 3.6.5, IDE: PyCharm 2018 Community Edition
Reply
#5
I would also check the issue tracker for that version. You might find that a certain feature causes a false positive. Why are you using such an old version anyways?
Reply
#6
(Mar-07-2018, 02:23 PM)sparkz_alot Wrote: Actually, we are a Python Forum and not a part of the Python Organization. If you feel that there is a bug in the software, you should report it to https://bugs.python.org/, giving as much detail as possible.

That said, version 3.2.4 has been out for quite some time (consider they are now at 3.6.4) and has been installed perhaps thousands of times and there have not been any bugs reported concerning viruses. You mention only using one virus detection tool, which would lead me to think it was a false positive, particularly if the file and key match. You didn't mention which version of Windows you are running or why you are trying to run such an old version of Python but you might want to try a second virus detector and see if you get the same result.

Yes, I didn't really understand which community I was posting in - sorry about that (though still probably worth knowing our end as well).

I sent an email to them - presumably if they feel it's an issue they will sort it.

Windows 7 but it was an online checker so that's irrelevant. I take your point that it hasn't been reported and I suspect that you are probably correct about it being fine - but just because it's been used before, I would never assume it was safe. I did try a couple and they didn't detect anything. Still, no way I'm installing that version though!

Happy to give the backstory but if a file is being hosted that's infected it needs sorting so I didn't say anything! :)

Thanks both for the pointers. I looked through the issues log (good to know this is here too). The reason for this version was just I was running through a tutorial with some inter-dependencies and other libraries and things and IMHO CBA with version issues! I just needed something done very quickly and lazily while learning the minimum amount i.e. I'm at work and it's one of those days.

I guess the online scanner may have been running in my browser in which case my OS would possibly be an issue.

Anyway looked through the issues log - nothing for that version in the version drop down but searching for malware a couple of other people found this kind of issue on install. Maybe I will log here.

If not then I guess worth contacting the AV company and see if they can look at their false positive. Presumably python is used in a lot of malware being so widely used and maybe some bits of the installer look like malware even if legit. Not sure if I can explain how exactly but seems sensible.
Reply
#7
It's a false positive, you see that 56 mark it as clean and 1 positive (also marked as clean).
If it's malware there is always more than 1 report.
(Mar-07-2018, 02:40 PM)clownzilla Wrote: The reason for this version was just I was running through a tutorial with some inter-dependencies and other libraries and things and IMHO CBA with version issues!
Python 3 is backwards compatible, so everything that works in 3.2.4 will also work in 3.6.4.
Python 3.6 and pip installation under Windows
Reply
#8
(Mar-07-2018, 06:09 PM)snippsat Wrote: It's a false positive, you see that 56 mark it as clean and 1 positive (also marked as clean).
If it's malware there is always more than 1 report.
(Mar-07-2018, 02:40 PM)clownzilla Wrote: The reason for this version was just I was running through a tutorial with some inter-dependencies and other libraries and things and IMHO CBA with version issues!
Python 3 is backwards compatible, so everything that works in 3.2.4 will also work in 3.6.4.
Python 3.6 and pip installation under Windows

Interestingly if you scan the URL it is clean although they would have aggregated the results probably differently. Maybe the files Baidu recorded were from infected machines or something (although presumably they verify the signature on aggregation of data). I think you are probably right.

Didn't know about the backwards compatibility within major version number - thanks.
Reply
#9
Come on, I remember back in the days when I was still using Windows and I had installed some antivirus program, and that false virus alarm was almost constant.
"As they say in Mexico 'dosvidaniya'. That makes two vidaniyas."
https://freedns.afraid.org
Reply

