The malware interleaves the viral code instead of just adding it

Oct 8, 2011 09:02 GMT

Symantec recently discovered a proof-of-concept virus called Python.Pytroj, written in Python, which can easily infect .pyc files with code of its own.

Even though this piece of malware doesn't present any risk so far, as it has been spotted in the wild only on very few occasions, the infection method is fairly new and should be taken into consideration by security analysts.

In the presented case, files with the .pyc extension are the test subjects, as these are the compiled files that emerge once a .py program is executed.

The “python -c” command was used to run the “exploit.py” and “a.py” files, which then generated “exploit.pyc” and “a.pyc”, the bait for the experiment.

Upon executing exploit.pyc, the one responsible for doing the actual harm, a.pyc gets infected by using Python's marshal module, which deserializes and disassembles the .pyc files. After the malicious code is injected into the source, the file is reassembled and serialized using the same module that performed the initial step.

As we've discovered, the interesting thing about this sort of infection is that the code is not simply appended or inserted, but interleaved into the existing binary.
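Because the infection goes through marshal and rewrites the code object itself, an appended-data signature will not catch it; what a defender can do is recompile the .py source and compare the resulting code object, field by field and recursively into nested functions, with the one marshalled inside the .pyc. The following is an added example written for this page, not Symantec's tooling or the Pytroj sample. It assumes a CPython 3.x interpreter and skips the .pyc header rather than validating it; the helper names (build_pyc, load_pyc, code_diff, verify_pyc) and the sample module source are this example's own, and the "infected" input is simply a second compile of the source with one extra statement, standing in for injected code.

```python
# Added example (not Symantec's analysis or the Pytroj sample): verify that a .pyc file's
# marshalled code object still matches a fresh compile of its .py source, recursing into
# nested function/class code objects so interleaved bytecode is caught, not only appended code.
import importlib.util
import marshal
import sys
import types

# CPython 3.7+ writes a 16-byte .pyc header (magic, flags, mtime/hash, size);
# 3.3-3.6 wrote 12 bytes. Assumption: the header only needs to be skipped, not validated.
HEADER_LEN = 16 if sys.version_info >= (3, 7) else 12


def build_pyc(source: str, filename: str = "a.py") -> bytes:
    """Serialize compiled source into .pyc layout: magic + zeroed header fields + marshal body."""
    code = compile(source, filename, "exec")
    header = importlib.util.MAGIC_NUMBER + b"\x00" * (HEADER_LEN - 4)
    return header + marshal.dumps(code)


def load_pyc(data: bytes) -> types.CodeType:
    """Deserialize a .pyc blob: check the magic, skip the header, marshal.loads the rest."""
    if data[:4] != importlib.util.MAGIC_NUMBER:
        raise ValueError("magic number mismatch: built for another interpreter or corrupted")
    obj = marshal.loads(data[HEADER_LEN:])
    if not isinstance(obj, types.CodeType):
        raise ValueError("marshal body is not a code object")
    return obj


def _split_consts(code: types.CodeType):
    """Separate nested code objects (functions, classes) from plain constants."""
    kids = [k for k in code.co_consts if isinstance(k, types.CodeType)]
    plain = [k for k in code.co_consts if not isinstance(k, types.CodeType)]
    return kids, plain


def code_diff(expected: types.CodeType, actual: types.CodeType, path: str = "<module>") -> list:
    """Recursively compare two code objects; return human-readable discrepancies (empty = identical)."""
    issues = []
    for attr in ("co_code", "co_names", "co_varnames"):
        if getattr(expected, attr) != getattr(actual, attr):
            issues.append(f"{path}: {attr} differs")
    exp_kids, exp_plain = _split_consts(expected)
    act_kids, act_plain = _split_consts(actual)
    if exp_plain != act_plain:
        issues.append(f"{path}: co_consts differ")
    if len(exp_kids) != len(act_kids):
        issues.append(f"{path}: nested code object count {len(exp_kids)} != {len(act_kids)}")
    for e, a in zip(exp_kids, act_kids):
        issues.extend(code_diff(e, a, f"{path}.{e.co_name}"))
    return issues


def verify_pyc(source: str, pyc_bytes: bytes, filename: str = "a.py") -> list:
    """Return [] if pyc_bytes matches a fresh compile of source, else a list of findings."""
    try:
        actual = load_pyc(pyc_bytes)
    except ValueError as exc:
        return [f"unreadable pyc: {exc}"]
    expected = compile(source, filename, "exec")
    return code_diff(expected, actual)


if __name__ == "__main__":
    # Constructed sample: a harmless module, then a variant standing in for an infected .pyc.
    SRC = "def greet(name):\n    return 'hi ' + name\n"
    clean = build_pyc(SRC)
    infected = build_pyc(SRC + "import os\n")  # constructed stand-in for injected code
    print("clean:", verify_pyc(SRC, clean) or "OK")
    print("infected:", verify_pyc(SRC, infected))
```

The check only works when the .py source is trusted and available, which is the realistic deployment case (a package manager or build system that kept the sources); it reports a module-level difference for code spliced into the top level and a nested path such as `<module>.greet` when the tampering sits inside a function body. A magic-number mismatch is reported rather than silently ignored, since a .pyc compiled for another interpreter is also a sign that something other than the expected toolchain wrote the file.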

Python is a dynamic, general-purpose, multi-paradigm programming language created in 1989 by Dutch programmer Guido van Rossum. It is often compared to Scheme, Ruby and Perl, as it has automatic memory management; its most widely deployed implementation is CPython, a free, open-source implementation managed by the Python Software Foundation.

It runs on almost any platform and, even though it is primarily object-oriented, it can also be used for functional programming. It is also often used as a scripting language, and with the aid of third-party tools its code can easily be turned into standalone executable programs.