Theres nothing to be alarmed about. Any EXE can be infected. Any Libraries can be infected.
In the hacking underground scene , there are infected SSH libs that behaves exactly like openssh but logs all the passwords. And there was a case where repos get hacked and replaced with trojan sshlibs. I don't remember which repo is , red hat or fedora. One of Myanmar ISP was target and gateway (proxy) machine was get hacked too , many password stolen. I know with the lead hacker and he showed me the group of bot he controlled which are within ISP's internal machines. Java JRE can be infected and can do that way too, On Sun, Oct 9, 2011 at 10:42 PM, Massimo Di Pierro < [email protected]> wrote: > I agree. Any program source or binary, written in any language, can be > infected by worms. There are plenty of tools to do this. > As a teacher, I would expect any CS graduate to know how to do this > for any binary (exe) file and any good python programmed to know how > to do it to Python (pyc) files. The pytroj library just makes it a > little easier. > > That is why when you download code, you should downloading is from a > reputable source and possible check the md5 signature. > That is why Apple appstore is a success. > > Massimo > > On Oct 9, 9:49 am, ~redShadow~ <[email protected]> wrote: > > On Sun, 2011-10-09 at 10:54 -0300, Bruno Rocha wrote: > > > symantec found a worm which infects. pyc files[1] > > > > > the virus source code is in [2] > > > > > [1]http://www.symantec.com/connect/blogs/python-has-venom > > > > > [2]https://github.com/maurobaraldi/Pytroj > > > > I don't see where the exact risk is, a part from that a .pyc doing > > something different may be shipped along with a .py that looks like it > > is the source code, but it isn't; this is quite like shipping > > something.exe plus something.c: nothing guarantees that something.c is > > the source code for something.exe. > > > > Plus, everything that can modify the .pyc would probably also be able to > > modify the .py directly, run malicious code directly, etc. etc.. > > > > -- > > Samuele ~redShadow~ Santi > > ---------------------------------------------------------------- > > redshadow[at]hackzine.org - redshadowhack[at]gmail.com > > > > Blog:http://hackzine.org > > > > GPG Key signature: > > 050D 3E9F 6E0B 44CE C008 D1FC 166C 3C7E EB26 4933 > > ---------------------------------------------------------------- > > /me recommends: > > Squadra Informatica -http://www.squadrainformatica.com > > ---------------------------------------------------------------- > > - Proud ThinkPad T-Series owner > > - Registered Linux-User: #440008 > > * GENTOO User since 1199142000 (2008-01-01) > > * former DEBIAN SID user > > ---------------------------------------------------------------- > > "Software is like sex: it's better when it's free!" > > -- Linus Torvalds > > > > signature.asc > > < 1KViewDownload
