I agree. Any program source or binary, written in any language, can be infected by worms. There are plenty of tools to do this. As a teacher, I would expect any CS graduate to know how to do this for any binary (exe) file and any good python programmed to know how to do it to Python (pyc) files. The pytroj library just makes it a little easier.
That is why when you download code, you should downloading is from a reputable source and possible check the md5 signature. That is why Apple appstore is a success. Massimo On Oct 9, 9:49 am, ~redShadow~ <[email protected]> wrote: > On Sun, 2011-10-09 at 10:54 -0300, Bruno Rocha wrote: > > symantec found a worm which infects. pyc files[1] > > > the virus source code is in [2] > > > [1]http://www.symantec.com/connect/blogs/python-has-venom > > > [2]https://github.com/maurobaraldi/Pytroj > > I don't see where the exact risk is, a part from that a .pyc doing > something different may be shipped along with a .py that looks like it > is the source code, but it isn't; this is quite like shipping > something.exe plus something.c: nothing guarantees that something.c is > the source code for something.exe. > > Plus, everything that can modify the .pyc would probably also be able to > modify the .py directly, run malicious code directly, etc. etc.. > > -- > Samuele ~redShadow~ Santi > ---------------------------------------------------------------- > redshadow[at]hackzine.org - redshadowhack[at]gmail.com > > Blog:http://hackzine.org > > GPG Key signature: > 050D 3E9F 6E0B 44CE C008 D1FC 166C 3C7E EB26 4933 > ---------------------------------------------------------------- > /me recommends: > Squadra Informatica -http://www.squadrainformatica.com > ---------------------------------------------------------------- > - Proud ThinkPad T-Series owner > - Registered Linux-User: #440008 > * GENTOO User since 1199142000 (2008-01-01) > * former DEBIAN SID user > ---------------------------------------------------------------- > "Software is like sex: it's better when it's free!" > -- Linus Torvalds > > signature.asc > < 1KViewDownload
