OK. I’ve not had a chance to confirm this myself, but at least one anti malware company is supporting the claim it seems – Bit Defender.
Allegedly this piece of malware does the following:
- It makes a copy of SysConst.pas file and inject itself into it.
- It compiles new SysConst.pas and places new infected dcu-file into Lib folder.
In theory what this means is that when you compile using Delphi with this on the system, the dcu will now have virus code which in turn makes your application a host for the virus. Infected applications will hunt for un-infected Delphi installations, infect them, and those so infected will compile infected applications, which will look for another installation of Delphi when installed and so on…
The potential for a bot/Trojan using this technique, if not now then later, is quite real as you may appreciate; if it is indeed the case.
You can read the full post on this by Clicking Here.
If you know this to be a false positive or have any additional information, please use the contact form or comments section below and let me know so that I can update this post to reflect that information.
Two upcoming posts:
A review of a rather nice and affordable web logs analysis tool developed by a fellow Micro ISV
Some Micro ISV history put together from the perspective of a fellow Micro ISV who built a very successful business which he sold part of.
Now Download . Com – Yes folks searching for this. It is a SCAM!
Running On A SliceHost 384 Meg Slice Under NGinX – Impressed!
SliceHost VPS, NGinX – Performance Outcome SEO Reporting To Come
Are You A Social Media Bull Ant?
Tackling ADO.Net – Not Your Fathers Database Access…
Fail – Degrees Of Separation – Negatives And Pluses ISV Style
What’s Not To Like About Micro ISV Fails? Release Early? You’re Doing It Wrong!
10 Startup Commandments – Stop Swanning Around?
VPS Update – Need For Speed
Delphi DCU Virus – SysConst.pas Library Source Injection. Athena Virus?
by Scott Kane on September 6, 2009 in 30Dayers, Featured Articles, General ISV Issues, ISV Software Design, Micro ISV, Starting an mISV
Allegedly this piece of malware does the following:
In theory what this means is that when you compile using Delphi with this on the system, the dcu will now have virus code which in turn makes your application a host for the virus. Infected applications will hunt for un-infected Delphi installations, infect them, and those so infected will compile infected applications, which will look for another installation of Delphi when installed and so on…
The potential for a bot/Trojan using this technique, if not now then later, is quite real as you may appreciate; if it is indeed the case.
You can read the full post on this by Clicking Here.
If you know this to be a false positive or have any additional information, please use the contact form or comments section below and let me know so that I can update this post to reflect that information.
Two upcoming posts:
A review of a rather nice and affordable web logs analysis tool developed by a fellow Micro ISV
Some Micro ISV history put together from the perspective of a fellow Micro ISV who built a very successful business which he sold part of.
Feel Recursive? Tweet it!
Tags: analysis tool, athena, bit defender, comments section, dcu, delphi, delphi 4, isv, lib, library source, perspective, successful business, sucessful business, trojan, virus code, web logs, what this means