In the mid-August Doctor Web virus analysts discovered a virus infecting Delphi IDE. Lack of destructive functionality allowed Win32.Induc to spread unnoticed for several months. The huge number of infected systems and the possibility of future modifications of the virus appearing in the wild suggest that it’s not as
Win32.Induc infects a Delphi IDE file used during compilation. If a project is compiled in a compromised development environment, it becomes a spreader of the virus. The virus infects Delphi IDE versions from 4 to 7. It modifies SysConst.dcu library used during compilation. A compilation of any Delphi-project that utilizes the infected library creates an application with functionality of the virus.
The only objective of the virus is its own propagation. However, Dr.Web anti-virus solutions detect the virus and offer users to cure it. Even though it seems harmless it is still dangerous. Since its source code is available to public, any virus maker can implement the spreading mechanism of the virus in his own destructive malicious program.
Many popular programs created in the infected Delphi IDE became carriers of the virus and caused even wider spreading of Win32.Induc. Infected files have been found on hundreds of thousands of computers. Win32.Induc spread on such a large scale mostly because it didn't cause any harm to a system. The malware got to users’ systems from soft portals as well as covermounts.
The remarkable fact is that malicious programs got infected along ordinary software. Doctor Web virus analysts discovered several viral species (Trojan.PWS.Banker.30321, Trojan.DownLoad.44695) created using a Delphi IDE and infected with Win32.Induc.
This virus uses spreading methods that were employed in DOS viruses a decade ago. A harmless resident virus HLLP.BeginPas that infected Pascal source code featured similar technologies.
Once Doctor Web implemented a curing algorithm for Wind32.Induc, its spreading rate decreased significantly.
If your system got infected, Doctor Web recommends you to use Dr.Web CureIt available free of charge for curing home computers. Win32.Induc doesn’t pose a threat to systems protected with Dr.Web anti-virus solutions.
Tell us what you think
To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.