topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday December 12, 2024, 2:55 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Virus targets Borland Delphi  (Read 3654 times)

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,190
    • View Profile
    • Donate to Member
Virus targets Borland Delphi
« on: August 23, 2009, 07:50 AM »
This is something I've not seen before- A virus targeting developers.  Win32/Induc targets Borland Delphi, infecting the IDE so that when you build an application with it, the virus is included in the built .EXE.  The virus has no payload, but it does create a virus nightmare for developers.  I found out about it because GMailKeeper sent out a warning that it carried the virus.

Dear Customers,

This email is here to inform you that you must update your copy of
Gmail Keeper. A old version of Gmail Keeper was infected by a low
risk virus called Win32/Induc A which attaches machines with a
software development tool called Delphi.

Although the infected version of Gmail Keeper can do no harm to your
computer unless you have Borland Delphi V4-7 installed, you are
highly recommended to download the latest clean version of Gmail
Keeper from our Server.

Download Link: http://gmailkeeper.c...oad-full-version.php
User name: <redacted>

Password: <redacted>

Note: You'll still need your license key in order to use the full
version of Gmail Keeper.

Details about the low risk virus can be found here
<http://gmailkeeper.com/download-full-version.php>
.

Let us know if you have further questions.

Best Regards,

Gmail Keeper Team

http://GmailKeeper.com

I then looked the virus up, and found more information:

http://www.scmagazin...lphi/article/146957/

http://www.bitdefend...--Win32.Induc.A.html

The second is a particularly good read, because it tells how to detect if you have it without running an AV scan.  Note also that this only affects Delphi 4-7.