|
|
|
Security Researchers Find Virus Targeting Delphi Programs
By: Brian Prince
2009-08-19
Article Rating: / 0
There are 0 user comments on this Network Security & Hardware story.
Researchers at Sophos and SonicWall uncover a virus designed to infect programs written in Delphi, a programming language commonly used to develop Microsoft Windows programs.Security researchers have
uncovered a virus with a rare modus operandiit infects applications written in
the
Delphi
programming language
at compile time.
The malware, detected as W32/Induc-A
by Sophos, inserts itself into the source code of any
Delphi program it finds on an infected
computer. It then compiles itself into a finished executable. Right now, the
virus does not have a malicious payload and appears to be focused on simply
propagating itself.
Because a lot of Delphi installations, including
manufacturers of pretty popular software packages, got infected, this is
getting downloaded by the user. People simply find, download and install QIP [chat
client] or AIMP or 'Tidy Favorites' or 'Any TV Free' or some other Delphi utility, and by running it
they get infected by the embedded virus, explained Nick
Bilogorskiy, manager of anti-virus research at SonicWall.
When a file infected with
W32/Induc-A finds a program written in
Delphi, it tries to write malicious code to
SysConst.pas, which it then compiles to SysConst.dcu. This new, infected
SysConst.dcu file will then add virus code to every new
Delphi file that gets compiled on the
system.
Over at Sophos,
researchers received more than 3,000 unique samples of programs infected with
the virus in the wild by Aug. 19. This indicates the malware has been active
for some time, blogged
Graham Cluley, senior technology consultant at Sophos. It is also likely
that a number of software houses specializing in developing applications with
Delphi are infected, he added.
"Delphi is frequently used to create
bespoke software, either by small software houses or by internal teams, wrote
Cluley. If you believe that you may be using software written in Delphi,
you would be very wise to ensure
that your anti-virus software is updated. Actually, regardless of whether you
use Delphi-written apps, that's a good idea.
|
|
�������x}ks8q�8c"�)%[r�ZJU*$)KR5{O/v�K�J#ɜؖ�nt7�F��$I��KǘYO�cSݣ&}$5~]
4I=�
ɑ�ԫ
9S]M�HwW3fcө�P/�?`���᳑(,�Q � tjOt0]2x�;s:&es/cߨ��`&`1Zm8lR!�j
�9a�?[�$�)qD
h]
�\(�>�߱L㘄-:
�;|�*UN�8Spycf_0Hz5E�hD#|x\�{d�#B�=Vya/
w-m~D�M-G ؓ�ۭBx1�BP�#"F��τwG�A%�;qؓ�Iuhl5D`iR13<�LeC1k;T*�R*65-晚u@|͖|#XulAzf@��dnQ��O*! lpq+�x�'C�]tQV�_սkYoAסߍ=gf�GdYo&A.wQMv �TmO |l
͟P�>�Au�ӱCģz�r$˚7�hewy�n�J|
bT9,�╇i�oĩq3}۷ֻ(T�U-��/{W� �?
n04�h;\Cr�yMS!�eUS��^�wD_"0QYTi|/�Z@
��WP��uN.kzQҏZ-���jA=V�dڱ�f1Sd!XI#/Y�pri[}o\tzmotg>ߙekfy�3(ժ�?T�R�Jg3B~7uV�gkU{#g�jꜶ{
GtH
��Wh: NZ[_��lxmķx8=|�kh2�`;�;RV>{dZ6�Ǔ)I|[ z%Ke}7�pWMCzlNTW꒮2Wb{熷(��.�ϱǍv"U.۽^C�8^%g�5F8�,h�eݴ%!��8WG5MGZ9MWPT;.Cp{ h��2e8l�2nБ6滏gtA::)~Ѧ1>RÜMCͶ�OCGs�>hH2胆6ml�-ƹ�h$�
,70}HOQI�4�X(x<�c�Og�v�/|�\aP���n=��j$
nh��-DCw
0Ieg&S yO��dro�oM~�(wEnP�j>X^0 j�p.Hp�yY?����Df>�o ��ќ�k
M�L<�ģL>�x?ɜ+)
��%@F�X�mN�t�"AђF��*�4� �gs�X"C"''s`[X;�;�.Vʥ�\.y"�m':.3Pr x&,R,BV-KᗄPf%i2mń(VFN��l�(0��Vn)`L)^HIRЙj!@�9z٧l�)>�?ΖuV�kͲT]۽/ 7�r@]�օV�P�� M��2L%���kZ1�%/D�4$B]�`}.�E�GQH�l�-
�6��86p#}nP
rQ�'G,-3IVV�j5R5>k-,!0(2�@0$X�3Q��[�Җlx�u:.�CϱȧKs=: �-`q˱3 `�ǟG�R.C28c"(6A߰�TXfRJMIlbs(zq�X0b=Iߛ�8]%W5f/��K+Y{yaؕRB�|vn�N �>(|pT'@�pdZ`0R7:4wҵJ�)݃Y�L5̆r(1Iڏ9&�_Gƅ�Kd�^s`O[`T9#DzlʠlN9 Q^-L.M{��
�\�mpf�Z�FR�.�~~i~R`d�;(l^;(�1,4�ra,�?@��R�5V2Sgh�u魧��[T+j[pfNP$!�5 ��dj>Ǿdo':|�#H�u�~H�Lb����46�\,0�|*W*U�`n*Vѹ(�٩% 7]@�.�&Dtl?`�"'>Ѕڣ�ns�sa*/w3g Z|�O�ZV,֪19P+R�js��3;f~~Ļ8
�i�ߥ: 9pF#~y6��w'~~�L4�/}.��-w~��w��^9Z3�:?�b�+�;0E�<&��{H�e�}0t%¬_,ŤOMqѡ,`�Br*-Ï
�vO�� g�: �C\4!<�`���(z`0d�miQ���se=Q]_))�(4`VsnC<��צK�$�?{ݮ�#6u>L:k}�SW
ZQa߯YU�P^مH��B&���dH�t=k�;J8K-f1�[5��{AqM|ٌ�m!yUq@WIe�&�24Zڽ/ZdקWT�JE晛>67.ýOd:|8'gkJ�}6�k[; Uɭ6Zqd���F&оȣ�+ZNǂa0&3(�ڃzbs�uyu}�lʬ.n>�a��=O u�jGOpS�V3Wn�-�۠|U�2Lt0�a 3[`�}l��ę�AkF �D�;3lC�&�CJAy^�itYB]��Vڲ���eyf3�9aؠGsHoR>1 ZH${m%�V}�
Pk���W\T`qՀDj9~�9HÞ1|M��}Yy^4�6(�}P�c�
ʌ�Q_P@ZhrGX�\ km{S�f�vل+_&2|)S�g�VvӲ�K�&;RZ/\v ?�3paS,Ԕʱ��.R`�@n�|tǞfP� X#7:^iM$>JS-b tri#ZMFbZ*BBgQ�!WVQ%'.6A)M`Okhs%�sp:'S6PFͧz�*E��!I#�̸yF0×!��w�g�O@lB�-5bIw�:.Wk��y6~�'vem"X�vIW$#
V�S##fCE9MIjVڳ$P`�1ۗ�<��%�8M=J6�=
�q��ѿ$ϟ��n��`>;�J@ r;qO+a.�ri����Q@JڣR> GY�`I.��|akJZ&·~t�~�}ǽ/5.�š�IV�G|L`뇛ǫԹl~hy(/�[Te�NR(��1I�]�2u̮VsA0lg�~�hy+ $+'~{)\6o>tėtO��~�\tR1~Z`&1A?Լ|:by>*�a�ݼ �=m48��Z&I�:D)�t_��6Q"B�@I˸toZ�,�;�>XMr!�}%��=Cɢkh�M؞ͿV�u?�y{lo&�<)ǣAl�k5�9obJwfim�=hKx?OKoҽ{g;ᧅmE��st33TT{I6ӱ$B�Eͫ*�ʾ\EVd.tՓ�s|<0���31�@7YM��(fެ�#zi16�Q3-�|c1Bo~<Ϥ�
]ek��*)��7�o}VZ�tC.q�D�)n&�d/.%�o.E ju O�Kt�1ڮ/=ا�HkYX�xlQ�Wg�o
�O O=p�Զءyxxg�,d�9��a}�430[ɱ-�Ι��2�'`G-ݺ�ܭ)³��$`GDA7}}g涣A� jm��Z0\9f�>
��V2OBWc+YT=�9b�~cگcȬ)�ChP)'jځ)}2�c~L�^j��j�&ͼ{:Gq1{D%��*";y��D�9�1u}^�]h@h܂'� ו8���xL}t,gP� wtY%4b�g1P9)�@8Lb,n-Y�""��:V2l`n�yr�}ՄKL�@-x�rF/6|p4uYD��8�1��eأw�QZLs}UNdQhA�wsiwR�;jY*Cɒ+v�oW�H\W+�D'y�'E0�9zʵR�^$]њ�e�-\L8E#шP8h'6:He6JJ|Ȁl�s42y|�!ń1`�e͢^00=��+-�e�j!�z�\t���3^fy�<`H #�1Y� ؙ�D��P7ObTIn$uR@�R|ϚXf#TTLk.U�S!�xs5e=S
XX胄tϷK7iPs-r_j,�i�O �0;CyI� �~�E�p1&B�k@
y�%d�h�O��a@H�$8|[a�Cw}]HARfʋ3Ms~�=�p)��|���/T~EX,U3�Mc��DI��Pr�7=*!AB�^ѲeSV}y�x�г*
ԅϽ��4{L=gIc-Od���y�HA/�|f I�ۛڞ@hY;DZ?�$�rk2�8��FNj{k{7{7{7{7wxn%;l�kJe>{z�fGq@)
u�ݦYͱw0^�5T}i�y�-彋Me\j_j%��
P^0n(^j�Bv-y[7fo�a~u`�nѺ/�FF�VB[T_D~x�K`��|Zu܄kv@-6<��aI:h�yKs!lz��b0/���m3\4=�yob�[=�)H��Q,��@p�!�"[0$c�/@�L3^ޒ_J�_\x�T�9]�+y)$�!�]Qv'�4#Pyotp�膁ADy`Iz فO�myGDo�4]c$wI'϶Z|W3^�F�Ɩ��[q��++6hk�x8~xG�.���1D8u;��[U[�!�!]]]]zcV5�i>�83"��'j��QF'.O�z��Ը{ߡ1�{O��^�d���aaC�D4W#-(r�Z:}v�Z7
b&Wd'#�moD�WDPqYi��z,ӗ��>xفO3B��p$�5K��Ɩ�_7V0m��>�Dߩ�:T< FTⴣ$�(^!1��ϡF&9 "�}Ex�Da+;ҡ�[w@y�5J[;V7#uhfh��ύ� ���kM��-mk~�YV�
�R@)�$t�)F��jtM�v`��a�C.��?�A8�' 2�ƹuկJ3<"�}z�h3r���Ǟ��. e&nv�ג-Ѝ7\g,̌�):T��4q�$��En>�rΠZ~Tx)Hܳ��VpB\=J~҆2.Xvp�WrҷD%R|| ƿ2n:rO|k�nfv
�I�0�^���{�mYo�� ){LfERro��j1��ߦ�Lm_u�auf"^�e/?x�*�G=]6%b5�>X2}6ϡ�zl^�J���ZRˬ�kR6$I1�Ʊ�;}a8cET2̭,Fdf[E������y�WA��|`߱1�A�p�xS�?� _�/K}~[�
�j�g�SǗy�ښX�'+Lӈa4XF{�!Z�pP]?�z�UccRg\�51�ޡjE
KAi`Fʼn?yxH�]?<(��es�Xo|֊�[N�iΞCm�%��\k65�QiH��:-FR�ﯕ�H�^�/
:ä=&L1�)˛#M͓).a�?Dy��um|x�#o?'.%�,,�@�ǽ�9q���I?I5?4O:SF_H�Ë8H���~
�u%�Vp':��/c7|'�|��K�vךQN|l:lJmo�ӥ-�~ECt {@R(j��
۳u8�>d �
bg�*Dz'q/�h.P"J\�+�js8ؕŠ��=B�0~CX�^qP<0&�l~6#eT[QS]��Z�/�[Ԓ#r�d! `B�o,"Exa��Zq�uQ%ǤHFpxe3)�M5k 0_"Ω,,
Y46K11\Rû9jPY-OQ/��]ZX,:~eL<^^AF��3
i��o"�r\IoA�$TC6'r��M`�/bTy
�i3t�3#66j=!v p�~c;�b7Mmj�+Lx9V8Ow|
vw�O�%YՉ��-;[M<�'н_��3B{sl^�?�Rm{ι0��aeY�&xfVؖ�mmq.]���F-Rt�3�slS;��@$=ꦆ�~RBJuT{7"Y0l���~!7,CGZ?`�^9�#ZIHh�5J;�:]|�_%ʄc
�|)W'���n�JYVmIr .�kh�>ay돸�RIo��H"H]�U#
`�xoH(��F�ٹ WEo*!�;3&2�{G`#op�MmNG��O��;'6g<�9asH ]TW\Axc3�Bxt'l9e>q0��-l
� \Z��s4�pLwz}UpX(b�#s~�!��g�6L-
D�Ť"c�*41GJ[!�}ɹ�cMVBE<
,i
�m�a��ngRq��n#b�hD1fHǼi͈ iu2O�H-*�Y{�vqY�@��y+��LL�݂`Aa~N#[C P/1MF�·:�5k3+%̔���,0A5�A"�\2}��� tH
<��25�kR>ɖàzP8�Y|oby�LgA~,O.us�x\jH��EjcPB<_�DŵY�1ka]NLݗ>0�(��-Ō��C�5Z(OBVB�BveX
&z(��-�͊5{�8~eBO�z%rEeW0`A='92bg44\�K=
L]; �&O=lFL�sB4/>
iv>No:N/x Zѷp+tsm}>^>\o:W\`&hT慶��L%,C
rvռl3;eFq(ڣE1B*rK��x5�"
/�%L�qx&N)Iw��(%lGyї�U�1o��Ll+�B=VԊkm9�
g5^L7%uԢz h7Q`1D�*'M&7�b�QhIk&5+ۼ�v(�(
(MfFy�ʻ�-AQ~
π>g����NqY_i�VF9?t2ʡ5~e/�E�|��s _f /�}/3{ ̠%%e�^�^f'U�WSF9g
Q~ �0W�{�s!?W0~W�ׅw3�?]/�r
q�u7?7��{��^�}~��X_�c�}OYߧ�>�>e�oʁo3�ڿh�6s$eCP̐5.N�pN2˹I�+/ޯ
aq)�z�^U^xڞjpۭ]��hq_l %^a/��^敽I%<"x��ǹW4<< X)rnmv#y_���^}=xC//��u>O?t�Ҿj^��=쓥̓>A7n"��B8�#�`�%1z�I�]�U�
;wC-=�/��rt5pÅ6@$~�;�,@�薉�$usgCRRՒRJZVr?%7*�5��= 6�QTY)ȅ��[��V
R�`"�
*�s>P�`26UJ`
P�z!�J1
�4c֭dKb(�p
E���Уc�/ֶȄ˘E͛YȌ�N�E5//��{_۱�B��
��b��b�{ˈT`TlJx �^qf�f�NX�>&�\ʠaC�ao/XbKZ;�c`��\;�=2�gj�Y }dy0\9Kh�Lz[U�ݣQ��M)<:,`�+tL�.LESzq�;{58��),_bY\so�X]�L['l�yb*b)mԿ+�HXU$ǖ�]`>so��r:=bՇ�^"�(�luy9M"�{hxx����"�n+�=B[1
�t�x�&QguM̸&��$cn0>Xx�]tSL�i��G[[�ZO�,ibErb9��GU�Z�Q�8݈q62sxxμ̆I
�eܩ� �-f���)g�\lY8=ۚ9t؆"u�]ݸ3EK~axR
��Hn2-1ƚ 9L�D$x^�#4|e'0O�2#0' MĮ+fAj3�´gf�R��U�{Nzs�̄08B8L=Y�}T.q
5sE�Eא�E,&JhӄZ�{J�fBZ`y;6M(��foX:�)#,|Hn皱LZԝ86Zd59L�'.FA&��6LG�4 (Q"S�qm(!3Q�s4��J(KE-F{&.^!5,▗L��ALH\=oz^Dl��t��Ζb'/x
��szn%()%�y+L9(م��xK*��Oe��;BI<ŗ��5_x�|XT��,sD��?�>K:S1U)ւ�_�/gw�d&%�}YQ ��v.ychFʪv\J��T0(HxrHqpC>��~؋|%O'
ϻ�_tF�0~�^%sYD:�9����A&{gٺ*عKӘ2J1А8v2COA#t
O��e[� |kc'p�'!MX���/�;Oulם@�
P��o⁜2ћwZ�S1$+nvG�D
g>��6'كl2=p6g�!(Fْ[0���Fu:h�/�A�slk
6-����`⎈me��eZ:DR�*,D&f
,��� ~sf㿵�樅{(��Wv:�mmlP/>¼yOW=Q'�alhd%k^FHM`WH{�XiW��e1RpCV)�tO�M鋰��ANt3BW5`/��=H�]�78ǩ[Vmx�~�ͺÀ�g�
f�k�OTg�{*.u��6r)*
XCڢZMQaW�8~n`PeS1C'@n0\|�H
d9[\O^م�4�3�\j�9/�YH~>����\9�9�.@OI"cXM1}aE�|1GǩW�.r�W��?�aMd�|^�k/o�ʳU_:k^v.>�Jzfk�`�g^vX�vQ��JetgLp�-�ͱeRZ`l/Z6?W"'��
|
Network Security & Hardware 
