Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Win32.induc virus targets Delphi development environment

Sunbelt Software : 24 August, 2009  (Technical Article)
Sunbelt Software is warning of incipient attacks through development environments as latest virus targets software as its being written
Sunbelt Software, a provider of Windows security software, has issued a warning to users and software developers following the discovery of a virus that targets development environments in order to infiltrate applications at the point they are written and compiled.

The virus, dubbed Win32.Induc, was written to infect applications built with the popular Windows-based development environment Delphi and has been in circulation for some time. The virus is known to affect versions of Delphi up to 7.0. Sunbelt Software's VIPRE product line is currently detecting the infected executables caused by Win32.Induc.

When a Win32.Induc-infected application is run on a PC, the virus searches for a Delphi installation and attaches itself to it. Any software compiled by the infected Delphi will then also carry a copy of Win32.Induc, allowing the virus to spread in the application executable.

"The point that the industry seems to have missed is that this virus may have been circulating for a while and therefore could already be embedded in a lot of applications in circulation online, on cover discs and pre-installed on new PCs," said Michael St. Neitzel, VP of Threat Research and Technologies at Sunbelt Software.

Although no payload is deployed and no destructive act carried out on data or applications, the replication and infection will cause disruption as functional applications and files are quarantined by antivirus software as infected, pending disinfection.

"This is a real challenge for antivirus vendors and those on the receiving end. When AV scanners start identifying applications as "infected" with Win32.Induc it's an open question whether or not the scanners can clean them. If they can't, the original developers are going to be required to get the infection out of their Delphi compilers, recompile the applications and get the clean code back to their customers. Given there could be different versions of the infected applications in circulation, this is going to be a real nightmare for some companies to deal with," St. Neitzel added.

Popular freeware and shareware executables infected with the Win32.Induc virus have found their way on to certain magazine cover discs including Any TV Free 2.41 and Tidy Favorites 4.1. Uninfected versions of both applications are now available; however, CDs and DVDs are still in circulation containing infected versions of the executables.

Sunbelt recommends that enterprises using Delphi scan production machines with VIPRE, remove any possible infections then recompile executables that were distributed to customers. Customers should be notified. Remember that the virus also might remain in back-up images. Infections could have begun as early as the spring of 2008.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo