Virus Targeting Delphi Apps Spotted
Added 25th Aug 2009

Dubbed "Virus.Win32.Induc.a", Kaspersky said it infects applications created with Delphi. It takes advantage of the two-step mechanism used in the Delphi environment to create executable files. The source code is first compiled to produce intermediate .dcu (Delphi compiled unit) files, which are then linked to create Windows executables.
The new virus, Kaspersky said, activates when an infected application is launched. It then checks whether Delphi development environment versions 4.0, 5.0, 6.0 or 7.0 are installed on the computer. If the software is detected, Virus.Win32.Induc.a compiles the Delphi source file Sysconst.pas, producing a modified version of the compiled file Sysconst.dcu.
But the virus is reportedly not yet a threat, since apart from infection there is no other payload. It is most probably intended for demonstration and testing of a new infection routine.
According to Kaspersky, the absence of a destructive payload, the infection of several versions of the popular instant messaging client QIP and the usual practice of publishing .dcu files by developers have already led to Virus.Win32.Induc.a becoming widespread throughout the world.
Yet Kaspersky added that it is very likely that cyber criminals will take advantage of Virus.Win32.Induc.a in the future and fine-tune it to make it even more destructive.
The IT security firm said almost all Delphi projects include the line "use SysConst", which means the infection of only one system module results in the infection of all applications under development. In other words, the modified SysConst.dcu file causes all subsequent programs created in the infected environment to contain the code of the new virus. The modified .pas file is no longer required and is deleted.
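As an added example (not from Kaspersky or the original article), a build machine can be audited by hashing every SysConst.dcu under the Delphi installation tree and comparing it with copies taken from trusted installation media. The function names are hypothetical, and the directory names and file contents in `demo` are constructed.

```python
import hashlib
import os
import tempfile

TARGET = "sysconst.dcu"  # unit name from the article; matched case-insensitively

def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_units(root):
    """Yield every SysConst.dcu below root, whatever its letter case."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == TARGET:
                yield os.path.join(dirpath, name)

def build_baseline(trusted_root):
    """Hashes of SysConst.dcu copies taken from trusted install media."""
    return {sha256_of(path) for path in find_units(trusted_root)}

def audit(install_root, baseline):
    """Map each SysConst.dcu (relative path) to 'ok' or 'MODIFIED'."""
    report = {}
    for path in find_units(install_root):
        rel = os.path.relpath(path, install_root).replace(os.sep, "/")
        report[rel] = "ok" if sha256_of(path) in baseline else "MODIFIED"
    return report

def _write(path, data):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as handle:
        handle.write(data)

def demo():
    # Constructed sample tree: directory names and file contents are made up.
    with tempfile.TemporaryDirectory() as tmp:
        clean = b"constructed stand-in for a vendor SysConst.dcu"
        _write(os.path.join(tmp, "media", "Lib", "SysConst.dcu"), clean)
        _write(os.path.join(tmp, "build", "Delphi7", "Lib", "SysConst.dcu"), clean)
        _write(os.path.join(tmp, "build", "Delphi6", "Lib", "sysconst.dcu"),
               clean + b" plus constructed extra bytes")
        baseline = build_baseline(os.path.join(tmp, "media"))
        return audit(os.path.join(tmp, "build"), baseline)

if __name__ == "__main__":
    for unit, verdict in sorted(demo().items()):
        print(verdict, unit)
```

Any unit reported as MODIFIED should be restored from the trusted copy before further builds, since every program linked against it inherits the change.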
Kaspersky claimed its own security solutions successfully detect Virus.Win32.Induc.a and treat both compiled Delphi files and Windows executables. The company said protection from the latest threat is already available in all Kaspersky Lab products.





