Win32.Induc infects Delphi IDE

August 24, 2009

In mid-August, Doctor Web virus analysts discovered a virus that infects the Delphi IDE. Because it has no destructive functionality, Win32.Induc was able to spread unnoticed for several months. The huge number of infected systems and the possibility of future modifications of the virus appearing in the wild suggest that it’s not as

Win32.Induc infects a Delphi IDE file used during compilation. If a project is compiled in a compromised development environment, the resulting program becomes a spreader of the virus. The virus infects Delphi IDE versions 4 to 7. It modifies the SysConst.dcu library used during compilation. Compiling any Delphi project that uses the infected library produces an application that carries the functionality of the virus.
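One way a development team can catch this kind of tampering is to hash the IDE's compiled library units on a known-clean install and re-check them before each build. The Python below is an added example, not Doctor Web's code or detection logic; the directory layout, file contents and function names are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large libraries do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(lib_dir: Path) -> dict:
    """Record a hash for every compiled unit (.dcu) in a known-clean library directory."""
    return {p.name.lower(): sha256_of(p)
            for p in sorted(lib_dir.iterdir())
            if p.is_file() and p.suffix.lower() == ".dcu"}


def verify_lib(lib_dir: Path, baseline: dict) -> dict:
    """Compare the current library directory with the recorded baseline."""
    current = build_baseline(lib_dir)
    return {
        "modified": sorted(n for n in baseline
                           if n in current and current[n] != baseline[n]),
        "missing": sorted(n for n in baseline if n not in current),
        "unexpected": sorted(n for n in current if n not in baseline),
    }


def demo() -> dict:
    """Constructed sample: a stand-in library directory whose SysConst.dcu changes."""
    with tempfile.TemporaryDirectory() as tmp:
        lib = Path(tmp)
        (lib / "SysConst.dcu").write_bytes(b"clean compiled unit (constructed)")
        (lib / "SysUtils.dcu").write_bytes(b"another unit (constructed)")
        baseline = build_baseline(lib)  # taken right after a clean install
        (lib / "SysConst.dcu").write_bytes(b"altered compiled unit (constructed)")
        return verify_lib(lib, baseline)


if __name__ == "__main__":
    # A build script would refuse to compile when any list in the report is non-empty.
    print(demo())
```

The baseline has to be stored somewhere the build machine cannot overwrite, otherwise a compromised environment can simply regenerate it.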

The only objective of the virus is its own propagation. Nevertheless, Dr.Web anti-virus solutions detect the virus and offer to cure it. Even though it seems harmless, it is still dangerous: since its source code is publicly available, any virus maker can implement its spreading mechanism in a destructive malicious program of his own.

Many popular programs built in an infected Delphi IDE became carriers of the virus and spread Win32.Induc even more widely. Infected files have been found on hundreds of thousands of computers. Win32.Induc spread on such a large scale mostly because it didn't cause any harm to a system. The malware reached users’ systems from software portals as well as covermounts.

Remarkably, malicious programs were infected alongside ordinary software. Doctor Web virus analysts discovered several malicious programs (Trojan.PWS.Banker.30321, Trojan.DownLoad.44695) created with the Delphi IDE and infected with Win32.Induc.

This virus uses spreading methods that DOS viruses employed a decade ago. HLLP.BeginPas, a harmless resident virus that infected Pascal source code, used similar techniques.

Once Doctor Web implemented a curing algorithm for Win32.Induc, its spreading rate decreased significantly.

If your system has been infected, Doctor Web recommends using Dr.Web CureIt, which is available free of charge for curing home computers. Win32.Induc doesn’t pose a threat to systems protected with Dr.Web anti-virus solutions.
