OK. I’ve not had a chance to confirm this myself, but at least one anti-malware company, Bitdefender, seems to be supporting the claim.
Allegedly this piece of malware does the following:
- It makes a copy of the SysConst.pas file and injects itself into it.
- It compiles the new SysConst.pas and places the new infected dcu file into the Lib folder.
In theory, this means that when you compile with Delphi on a system that has this on it, the resulting dcu contains the virus code, which in turn makes your application a host for the virus. Infected applications will hunt for uninfected Delphi installations and infect them; those installations will then compile infected applications, which look for another installation of Delphi wherever they are installed, and so on…
The potential for a bot/Trojan using this technique, if not now then later, is quite real, as you may appreciate, if it is indeed the case.
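One way to check a Delphi installation for the tampering described above, as an added example that is not part of the original post: compare every .dcu in the Lib folder against a copy taken from a known-clean installation of the same Delphi version. The folder layout and the availability of a clean reference copy are assumptions, and the demo uses constructed placeholder files rather than real DCUs.

```python
import hashlib
import tempfile
from pathlib import Path

TARGET = "sysconst.dcu"  # unit named in the post; matched case-insensitively


def snapshot(lib_dir: Path) -> dict:
    """Map lower-cased relative path -> SHA-256 for every .dcu under lib_dir."""
    return {
        p.relative_to(lib_dir).as_posix().lower(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(lib_dir.rglob("*"))
        if p.is_file() and p.suffix.lower() == ".dcu"
    }


def compare_lib(reference: Path, suspect: Path) -> dict:
    """Diff a suspect Lib folder against a known-clean reference copy."""
    ref, cur = snapshot(reference), snapshot(suspect)
    report = {
        "changed": sorted(n for n in ref.keys() & cur.keys() if ref[n] != cur[n]),
        "added": sorted(cur.keys() - ref.keys()),
        "missing": sorted(ref.keys() - cur.keys()),
    }
    # SysConst is the unit the post says gets replaced, so surface it explicitly.
    touched = report["changed"] + report["added"] + report["missing"]
    report["sysconst_altered"] = any(n.rsplit("/", 1)[-1] == TARGET for n in touched)
    return report


def demo() -> dict:
    """Constructed sample: two fake Lib folders holding placeholder bytes."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, suspect = Path(tmp, "clean", "Lib"), Path(tmp, "suspect", "Lib")
        for d in (clean, suspect):
            d.mkdir(parents=True)
            (d / "SysUtils.dcu").write_bytes(b"constructed-sysutils")
        (clean / "SysConst.dcu").write_bytes(b"constructed-original")
        (suspect / "sysconst.DCU").write_bytes(b"constructed-replaced")
        return compare_lib(clean, suspect)


if __name__ == "__main__":
    print(demo())
```

A mismatch only shows that a file differs from the reference; update packs and different Delphi versions also change these files, so the reference copy has to come from the same version and patch level.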
You can read the full post on this by Clicking Here.
If you know this to be a false positive or have any additional information, please use the contact form or comments section below and let me know so that I can update this post to reflect that information.
Two upcoming posts:
- A review of a rather nice and affordable web logs analysis tool developed by a fellow Micro ISV
- Some Micro ISV history put together from the perspective of a fellow Micro ISV who built a very successful business which he sold part of.
Delphi DCU Virus – SysConst.pas Library Source Injection. Athena Virus?