Are Software Houses Infecting Their Customers?
New virus infects source code written in popular Delphi language, Sophos says
A new virus may cause software to be infected even before it is distributed by software houses or in-house development teams, according to researchers at security vendor Sophos.
The virus " identified by Sophos as W32/Induc-A " injects itself into the source code of any Delphi program it finds on an infected computer, and then compiles itself into a finished executable. Delphi is a variant of the Pascal language originally developed by Borland, and is now used to quickly develop Windows programs such as database applications.
The virus is not just a threat to software developers that use Delphi, but to any computer running programs written in Delphi, Sophos says.
Researchers at SophosLabs have received more than 3000 unique infected samples of programs infected by W32/Induc-A, which suggests that the malware has been active for some time, and that a number of software houses specializing in Delphi apps must have been infected.
Ironically, Sophos has also seen a number of banking Trojan horses -- which are often written in Delphi -- infected by Induc-A, indicating that malware authors themselves could also have been affected.
"Although most people aren't Delphi developers, there may be many computer users running programs written in Delphi that have been contaminated," says Graham Cluley, senior technology consultant at Sophos. "It's possible that affected applications are available for download from the net on legitimate shareware sites or on magazine CD ROMs."
Sophos advises businesses that use Delphi apps to update their antivirus software. If a W32/Induc-A infection is found in a program, its developers should be contacted immediately -- it's possible that the infection could be passed on to other customers, Sophos says. Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.
Read more about:
2009About the Author
You May Also Like
How to Evaluate Hybrid-Cloud Network Policies and Enhance Security
September 18, 2024DORA and PCI DSS 4.0: Scale Your Mainframe Security Strategy Among Evolving Regulations
September 26, 2024Harnessing the Power of Automation to Boost Enterprise Cybersecurity
October 3, 202410 Emerging Vulnerabilities Every Enterprise Should Know
October 30, 2024
State of AI in Cybersecurity: Beyond the Hype
October 30, 2024[Virtual Event] The Essential Guide to Cloud Management
October 17, 2024Black Hat Europe - December 9-12 - Learn More
December 10, 2024SecTor - Canada's IT Security Conference Oct 22-24 - Learn More
October 22, 2024