The Win32/Induc.A virus contains routines modifying files belonging to the Delphi development tool, and consequently infecting all applications compiled with Delphi.
Security software provider ESET said the virus will not cause direct damage to system where Dephi is not installed, but that users could lose the ability to run programmes infected with the virus when their anti-virus recognises the infection.
However, as the virus infects the programming tool Delphi, it is a “major threat” for programmers. Any application that is compiled – i.e. converted to an executable programme – after the virus infection, will be malicious. If distributed, programmers run the risk of infecting other systems used for development.
Ironically, the Delphi programming tool is frequently used by malware writers, and according to ESET, many Trojans (mainly those stealing bank information) are infected with the Win32/Induc.A virus.
“This seems to be a classic proof of concept attack”, said David Harley, director of malware intelligence, ESET. “In that it probably wasn’t intended to be destructive, through there’s no reason why it couldn’t’ be adopted to do something more malicious, either something deliberately destructive or something that allows a criminal some form of backdoor access, for instance. If the bad guys see a way to use this for profit, the chances are that they will.”
Harley added that “the knock-on effects go far beyond the immediate harm to development systems.” The virus could cause significant damage to systems on which infected programmes are installed – regardless of whether Delphi is installed or not.
ESET said the virus has gone undetected since April 2009, thought he timescales could be longer.