W32/Induc-A virus being spread by Delphi software houses

Graham Cluley

Richard Cohen, one of the analysts at SophosLabs, blogged yesterday about a curious piece of malware designed to infect applications written using Delphi (a variant of the Pascal language originally developed by Borland, and now used to quickly develop Windows programs such as database applications).

The W32/Induc-A virus inserts itself into the source code of any Delphi program it finds on an infected computer, and then compiles itself into a finished executable.

Since yesterday, Sophos has received over 3000 unique infected samples of programs infected by W32/Induc-A from the wild.. This makes us believe that the malware has been active for some time, and that a number of software houses specialising in developing applications with Delphi must have been infected.

Examples of infections have included applications that submitters…

Read more in my article on the Naked Security website.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.