Win32.Induc infects Delphi IDE



#1 News Robot

    Creator of the News

  • Dr.Web Staff
  • Posts: 8 017

Posted 24 August 2009 - 03:00

August 24, 2009

In mid-August Doctor Web virus analysts discovered a virus
infecting the Delphi IDE. The lack of destructive functionality allowed
Win32.Induc to spread unnoticed for several months. The huge number of
infected systems and the possibility of future modifications of the
virus appearing in the wild suggest that it’s not as

Win32.Induc infects a Delphi IDE file used during compilation. If a
project is compiled in a compromised development environment, it
becomes a spreader of the virus. The virus infects Delphi IDE versions
from 4 to 7. It modifies the SysConst.dcu library used during compilation.
A compilation of any Delphi project that utilizes the infected library
creates an application with the functionality of the virus.

The only objective of the virus is its own propagation. However,
Dr.Web anti-virus solutions detect the virus and offer users the option
to cure it. Even though it seems harmless, it is still dangerous. Since its
source code is available to the public, any virus maker can implement the
spreading mechanism of the virus in his own destructive malicious
program.

Many popular programs created in the infected Delphi IDE became
carriers of the virus and caused even wider spreading of Win32.Induc.
Infected files have been found on hundreds of thousands of computers.
Win32.Induc spread on such a large scale mostly because it didn't
cause any harm to a system. The malware got to users’ systems from
software portals as well as covermounts.

The remarkable fact is that malicious programs got infected along with
ordinary software. Doctor Web virus analysts discovered several viral
species (Trojan.PWS.Banker.30321, Trojan.DownLoad.44695) created using
a Delphi IDE and infected with Win32.Induc.

This virus uses spreading methods that were employed in DOS viruses a
decade ago. A harmless resident virus HLLP.BeginPas that infected
Pascal source code featured similar technologies.

Once Doctor Web implemented a curing algorithm for Win32.Induc, its
spreading rate decreased significantly.

If your system got infected, Doctor Web recommends that you use Dr.Web
CureIt, available free of charge for curing home computers. Win32.Induc
doesn’t pose a threat to systems protected with Dr.Web anti-virus
solutions.

