Induc virus preys on Delphi developers

Stephen Withers
Friday, 21 August 2009 12:43

Business IT - Security

A piece of malware specifically targeting Delphi installations is turning up in legitimate software.

The Induc virus is unusually specific: it looks for the Delphi development system, and makes changes that result in its incorporation in every Delphi file subsequently compiled on that computer.

Although the Pascal-based Delphi system is hardly a mainstream product these days, it has been around for a long time and still has its devotee.

Graham Cluley, senior technology consultant at Sophos, said "Delphi is frequently used to create bespoke software, either by small software houses or by internal teams. If you believe that you may be using software written in Delphi you would be very wise to ensure that your anti-virus software is updated."

"And if you do find a W32/Induc-A infection in one of your programs, speak to its developers immediately - as it's quite possible they have also been passing an infection on to other customers," he added.

It seems that some people are using Delphi to create malware. After examining more than 3000 files detected as containing Induc, Stuart Taylor, manager of Sophos's UK lab, observed that "The inescapable conclusion is that a significant number of these files are not wanted on customer systems".

Three variants - Induc-A, Induc-B and Induc-C - have now been detected.

According to Symantec's John McDonald, "The current version of the threat doesn't contain a malicious payload and so doesn't actually cause any damage to systems running Delphi."

"No doubt it would have been picked up much sooner if it actually did anything other than simply spread itself," he added.

Arun Pradeep of McAfee's Avert Research Labs says Induc has been in the wild for at least a year.

However, McAfee - like the other vendors - has only provided detection of the virus in the last few days.