madison
Home / News & Blogs

Virus targets programs built with Delphi

Elinor Mills CNET News | August 19, 2009 5:31 AM PDT

Summary

Researchers said that they are seeing something unusual in the malware world: a virus that targets a development environment.

Topics

Borland Delphi, Virus, Cyberthreats, Viruses And Worms, Development Tools, Programming Languages, Software Development, Software/Web Development, security, malware, Delphi, Spyware, Adware & Malware, Elinor Mills CNET News
Researchers said on Tuesday that they are seeing something unusual in the malware world: a virus that targets a development environment.

The virus, dubbed Win32.Induc, was written to infect applications built with Delphi, according to Nick Bilogorskiy, manager of antivirus researcher at SonicWall. Delphi is used to write Windows programs, including database applications.

When an infected program is run on a machine running Delphi, the virus infects any software that gets compiled on that machine. The virus spreads the executable file of itself as well as the source code. It looks for a compiler on the infected system and re-compiles the source code, inserting its code into any programs compiled on the system.

"This malware just spreads; it doesn't delete files or do anything malicious," he said. "But if you create software and you have this code in it, the software will be blocked by antivirus [technology]."

Developers whose systems are infected will pass the infection on to the programs they are creating, Bilogorskiy said.

Already, two free tools that are included in certain magazine CDs and are among the top 100 downloads on some portals — Any TV Free 2.41 and Tidy Favorites 4.1 — have been infected, he said. "As many as 30 percent of developers who use Delphi have this," he added.

SonicWall and a number of antivirus vendors have updated their software to block the virus.

Sophos has more details on its SophosLabs blog.

This article was first published on CNET News.

Talkback Most Recent of 3 Talkback(s)

  • Hopefully A/V vendors will take care....
    Too often, A/V products generate false-positive results based on signatures, such as the use of a particular library or component. I've seen it with Armadillo, DBISAM, Inno, etc.. Hopefully they'll be careful to target apps actually infected with the malware, and not ALL Delphi apps.
    --
    Chris Thornton
    ZDNet Gravatar
    chris@...
    19th Aug 2009
  • How to tell if your developers are infected
    There is a good link here that explains how to tell if a development environment is infected:

    http://www.viruslist.com/en/weblog?weblogid=208187826

    ZDNet Gravatar
    cmatrix
    19th Aug 2009
  • Bad tagline
    The virus doesn't target apps written in Delphi, it targets Delphi itself, and only three old versions of Delphi which have been "out of print" for years. It can insinuate itself into Delphi's runtime library and cause new executables to be compiled with the virus built in, but it can't infect existing programs that were built in Delphi.
    ZDNet Gravatar
    masonwheeler
    19th Aug 2009

Talkback - Tell Us What You Think

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity