The malware worked by interleaving viral code into binary code, deserialised and disassembled by the marshal module of Python. The module then reassembled and serialised the infected code.

After reaching an agreement, the Sophos for Marshal, module will combine Sophos’s anti-virus engine with Marshal’s content security technology to form an integrated malware module at the gateway.