21 Aug 2009
Security experts have warned of a new virus attack targeting the Delphi code compiler. The virus infects a component within the Delphi library folder, and disguises itself as a legitimate file.
Rather than attempt to simply install other malicious files onto the host machine, however, the virus uses the compiler itself as a means of spreading. When the host machine compiles programs, the virus inserts lines of malicious code, turning the compiled code into a virus delivery system.
Researchers from security firms Sans, McAfee, BitDefender and F-Secure have all reported and analysed the virus, which has so far shown no malicious intent other than replicating itself. No further malware attacks or file downloads have been reported.
But the virus is gaining attention because of its unusual delivery style, which has managed to infect some high-profile applications. German computer magazine ComputerBild warned readers after discovering that one of the files on a recent CD insert was infected with the virus.
The infection also appears to be spreading in more nefarious circles, according to Sans researcher Rick Wanner.
"A funny side-effect is that, in the few days since this virus has been detected in the wild, a number of Trojans have been discovered to be affected with the virus," he said in a blog post. "Obviously they were compiled with an infected Delphi compiler."
BitDefender said that developers can check for the infection by searching for a file in the Delphi library folder named 'SysConst.bak', and then renaming the infected file as 'SysConst.dcu' to prevent compiled applications becoming infected.
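The check BitDefender describes can be run across several Delphi installs or build agents at once. This is an added example, not code from the article or from any vendor: it only reports folders that contain `SysConst.bak` and changes nothing, the roots to scan are supplied by the caller, and the folder names in the sample tree are constructed.

```python
import os
import sys
import tempfile

INDICATOR = "sysconst.bak"  # file name given in the article
COMPANION = "sysconst.dcu"  # compiled unit named in the article


def find_indicators(roots):
    """Return one finding per folder under roots that holds SysConst.bak."""
    findings = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            # Windows file names are case-insensitive, so compare lowercased.
            lowered = {name.lower(): name for name in files}
            if INDICATOR in lowered:
                findings.append({
                    "folder": dirpath,
                    "indicator": os.path.join(dirpath, lowered[INDICATOR]),
                    "dcu_present": COMPANION in lowered,
                })
    return sorted(findings, key=lambda f: f["folder"])


def build_sample_tree(base):
    """Constructed layout for a dry run; not a real Delphi installation."""
    flagged = os.path.join(base, "Delphi7", "Lib")
    clean = os.path.join(base, "Delphi2007", "lib")
    for folder in (flagged, clean):
        os.makedirs(folder)
        open(os.path.join(folder, "SysConst.dcu"), "wb").close()
    open(os.path.join(flagged, "SYSCONST.BAK"), "wb").close()
    return flagged, clean


def main(argv):
    if argv:
        hits = find_indicators(argv)  # roots chosen by the operator
    else:
        with tempfile.TemporaryDirectory() as base:
            build_sample_tree(base)
            hits = find_indicators([base])
    for hit in hits:
        state = "present" if hit["dcu_present"] else "missing"
        print(f"{hit['indicator']}  (SysConst.dcu {state})")
    return 1 if hits else 0  # non-zero exit lets a build job fail fast


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run with one or more directories as arguments to scan real paths; with no arguments it scans the constructed sample tree.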
Implications of Induc.A
Michael St. Neitzel is right, though we haven't all missed the implications of this malware: at ESET we put up an FAQ at http://www.eset.com/threat-center/blog/2009/08/23/w32induc-a-faq that addresses some of those issues.
Posted by: David Harley CISSP FBCS CITP 27 Aug 2009
The knock-on effects of Win32.Induc will hurt more than the virus
The point that the industry seems to have missed is that this virus may have been circulating for a while and therefore could already be embedded in a lot of applications in circulation online, on cover discs and pre-installed on new PCs. This type of threat poses a real challenge for antivirus vendors and those on the receiving end. When AV scanners start identifying applications as 'infected' with Win32.Induc it's an open question whether or not the scanners can clean them. If they can't, the original developers are going to be required to get the infection out of their Delphi compilers, recompile the applications and get the clean code back to their customers. Given there could be different versions of the infected applications in circulation, this is going to be a real nightmare for some companies to deal with.
Posted by: Michael St. Neitzel, Vice President of Threat Research and Technologies at Sunbelt Software 24 Aug 2009