Are Software Houses Infecting Their Customers?Are Software Houses Infecting Their Customers?
New virus infects source code written in popular Delphi language, Sophos says
August 19, 2009
A new virus may cause software to be infected even before it is distributed by software houses or in-house development teams, according to researchers at security vendor Sophos.
The virus " identified by Sophos as W32/Induc-A " injects itself into the source code of any Delphi program it finds on an infected computer, and then compiles itself into a finished executable. Delphi is a variant of the Pascal language originally developed by Borland, and is now used to quickly develop Windows programs such as database applications.
The virus is not just a threat to software developers that use Delphi, but to any computer running programs written in Delphi, Sophos says.
Researchers at SophosLabs have received more than 3000 unique infected samples of programs infected by W32/Induc-A, which suggests that the malware has been active for some time, and that a number of software houses specializing in Delphi apps must have been infected.
Ironically, Sophos has also seen a number of banking Trojan horses -- which are often written in Delphi -- infected by Induc-A, indicating that malware authors themselves could also have been affected.
"Although most people aren't Delphi developers, there may be many computer users running programs written in Delphi that have been contaminated," says Graham Cluley, senior technology consultant at Sophos. "It's possible that affected applications are available for download from the net on legitimate shareware sites or on magazine CD ROMs."
Sophos advises businesses that use Delphi apps to update their antivirus software. If a W32/Induc-A infection is found in a program, its developers should be contacted immediately -- it's possible that the infection could be passed on to other customers, Sophos says. Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.
Read more about:2009
About the Author(s)
You May Also Like
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
What's In Your Cloud?Nov 30, 2023
Everything You Need to Know About DNS AttacksNov 30, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
The Burnout Breach: How employee burnout is emerging as the next frontier in cybersecurity
Protecting Critical Infrastructure: The 2021 Energy, Utilities, and Industrials Cyber Threat Landscape Report
The Impact of XDR in the Modern SOC