Jump to content
Forumu Destekleyenlere Katılın ×
Paticik Forumları
2000 lerden beri faal olan, çok şukela bir paylaşım platformuyuz. Hoşgeldiniz.

Win32.Induc.a

dasaaa

Son yazan: dasaaa
yeri: Donanım & Yazılım

 Paylaş

Öne çıkan mesajlar

dasaaa Grand Master

dasaaa

Mesaj tarihi:
Mesaj tarihi:
Hmm ben de positive görünüyorum son taramada..

Bitdefender kaldırabiliyormuş sanırım. Doğru mudur?

unutmadan bana gelişi Glary Utilties üzerinden olmuş. Legal yazılım üzerinden olması şaşırtıcı :(


Please don't report virus again,here is the reason

Dear users of Glary Utilities,

We are very sorry for the inconvenient caused by Win32/Induc,but it is not our fault to create the virus.It is the development environment(Delphi) affected by virus that directly lead to the virus in our product.Below is the detailed reason:


Source: http://gladiator-antivirus.com/forum/in ... opic=93000

18 August 2009, 14:21
Virus infects development environment

Anti-virus software vendor Kaspersky has discovered a new type of virus which infects and compromises systems running the Delphi

development environment. After infection, all Delphi programs compiled using the infected Delphi environment are also infected.

Anti-virus laboratory AV-Test has already spotted the first examples in the wild.

The virus affects Delphi versions 4.0, 5.0, 6.0 and 7.0. After making a backup which it names SysConst.bak, it overwrites the

Delphi file SysConst.dcu with a self-compiled version. Since the infected file is loaded whenever Delphi programs are compiled, all

programs generated after this point will be infected.

Updated Virus writers have gone old school with the creation of a virus that infects Delphi files as they are built.

When a Delphi file infected with Induc-A virus is run, it searches for Delphi programming installations on an infected machine and

attempts to infect this installation. More specifically, the malware attempts to infect SysConst.pas, which it then compiles to

SysConst.dcu. Once this process is completed the SysConst.dcu file is programmed to add the Induc-A virus to every new Delphi file

that gets compiled on the system.

A full write-up of the malware, including a screenshot depicting strings of infected code, can be found here.

A full write-up of the malware, including a screenshot depicting strings of infected code, can be found here.

Even the vast majority of computer users that aren't Delphi developers can be affected by running programs written in Delphi that

happen to have been contaminated.

Up until Tuesday afternoon the labs at Sophos have received more than 3,000 infected files, submitted by users who have found

infections. "This makes us believe that the malware has been active for some time, and that a number of software houses

specialising in developing applications with Delphi must have been infected," writes Graham Cluley, senior technology consultant at

Sophos.

Examples of infections have included applications described as "a tool for downloading configuration files onto GSM modules" and "a

compiler interface that operates between our third-party design software and our CNC woodworking machinery".

Delphi is used to quickly develop Windows applications. Some of the infected files are banking Trojans written in Delphi - so some

hackers are among those hit by the virus.

Link to comment
Sosyal ağlarda paylaş
 Paylaş
Konu listesine dön
×
×
  • Yeni Oluştur...