Thursday, August 20, 2009

W32/Induc-A virus being spread by Delphi software houses

Richard Cohen, one of the analysts at SophosLabs, blogged yesterday about a curious piece of malware designed to infect applications written using Delphi (a variant of the Pascal language originally developed by Borland, and now used to quickly develop Windows programs such as database applications).

The W32/Induc-A virus inserts itself into the source code of any Delphi program it finds on an infected computer, and then compiles itself into a finished executable.

Since yesterday, Sophos has received over 3000 unique infected samples of programs infected by W32/Induc-A from the wild. This makes us believe that the malware has been active for some time, and that a number of software houses specialising in developing applications with Delphi must have been infected.

Examples of infections have included applications that submitters have described as:

  • "A tool for downloading configuration files onto GSM modules"
  • "A compiler interface that operates between our third-party design software and our CNC woodworking machinery"

In addition, and quite ironically, we have seen a number of banking Trojan horses (that are often written in Delphi) infected by Induc-A.

Could it be that the malware has also hit other malware authors?

Delphi is frequently used to create bespoke software, either by small software houses or by internal teams. If you believe that you may be using software written in Delphi, you would be very wise to ensure that your anti-virus software is updated. Actually, regardless of whether you use Delphi-written apps, that's a good idea.

And if you do find a W32/Induc-A infection in one of your programs, speak to its developers immediately - as it's quite possible they have also been passing an infection on to other customers.

Let me reiterate - this virus isn’t just a threat if you are a software developer who uses Delphi. It’s possible that you are running programs which are written in Delphi on your computers, and they could be affected.

Comment:

There will definitely always be something new when it comes to malware. What is surprising about this malicious code is that it is able to insert itself into any Delphi code and compile itself, capabilities that perhaps allowed it to remain undetected, even by companies that develop software with Delphi. The ironic and funny thing about this malware is that it has even infected Trojan horses developed in Delphi, which leads us to think about malware of malware; so now not only average users will have to worry about their security, but also the developers of malicious code. What madness!!!

