By Darren Pauli on Oct 10, 2011 C/NET

What is said to be the first trojan targeting the Python programming language has been discovered.

The Trojan, Python.Pytroj, infected .pyc Python files with arbitrary code and was discovered in a proof of concept form by Symantec researchers.

It was not considered a “serious risk”, researcher Stephen Doherty said.

The virus when executed scans and infects any .pyc Python files it found. and displays the message “you have been exploited”.

The malware worked by interleaving viral code into binary code, deserialised and disassembled by the marshal module of Python.

The module then reassembled and serialised the infected code.

“The malicious code in the binary is not simply added or inserted, but interleaved into the existing binary,” Doherty said.

He said the Python attack vector could become a threat if it was used with dangerous payloads.

Symantec has a detailed analysis on its blog.

The module then reassembled and serialised the infected code.

“The malicious code in the binary is not simply added or inserted, but interleaved into the existing binary,” Doherty said.

Copyright © SC Magazine, Australia

Advertisements