Sophos is reminding businesses of the importance of protecting corporate networks from malware infection following the discovery of an unusual virus – the spread of which is likely to be caused by software houses or in-house development teams who specialise in developing applications written in the 'Delphi' software language.
The virus – identified by Sophos as W32/Induc-A – injects itself into the source code of any Delphi program it finds on an infected computer, and then compiles itself into a finished executable.
Delphi is a variant of the Pascal language originally developed by Borland, and is now used to quickly develop Windows programs such as database applications. The virus is not just a threat to software developers that use Delphi – many computer users will be running programs which are written in Delphi, and they could be affected.
In the past 24 hours SophosLabs has received more than 3 000 unique infected samples of programs infected by W32/Induc-A, which suggests that the malware has been active for some time, and that a number of software houses specialising in developing applications with Delphi must have been infected.
Ironically, Sophos has also seen a number of banking Trojan horses – which are often written in Delphi – infected by Induc-A, indicating that malware authors themselves could also have been affected.
"Although most people aren't Delphi developers, there may be many computer users running programs written in Delphi that have been contaminated," says Brett Myroff, CEO of regional Sophos distributor, Sophos South Africa. "It's possible that affected applications are available for download from the Internet on legitimate shareware sites or on magazine CD ROMs.
“Businesses that may be using software written in Delphi are advised to ensure that their anti-virus software is updated. If a W32/Induc-A infection is found in a program, its developers should be contacted immediately as it's possible that the infection could be passed on to other customers,” he adds.