New Virus Uses Delphi to Infect Applications

Friday, 21 August 2009

Kaspersky Lab reported Virus.Win32.Induc.a, a virus that spreads through CodeGear Delphi. Virus.Win32.Induc.a exploits the two-step mechanism that the Delphi environment uses to create executable files. First, the source code is compiled into intermediate .dcu (Delphi compiled unit) files, which are then linked to create a Windows executable.

The virus activates when an infected application is run. It then checks whether Delphi development environment version 4.0, 5.0, 6.0 or 7.0 is installed on the computer. If the software is detected, Virus.Win32.Induc.a compiles the Delphi source file Sysconst.pas to create a modified version of the compiled file Sysconst.dcu. In practice, every Delphi project includes the line "uses SysConst", which means that the infection of just one system module leads to the infection of all applications under development. In other words, the modified SysConst.dcu file causes every program subsequently built in the infected environment to contain the code of the new virus. The modified .pas file is then no longer needed and is deleted.

For now, this virus is not a threat. Apart from the infection itself, it carries no other damaging payload. Most likely the virus is intended to demonstrate and test a new infection routine. The lack of a destructive payload, the infection of some versions of the popular instant messaging client QIP, and developers' habit of publishing .dcu files have led Virus.Win32.Induc.a to spread widely around the world. It is entirely possible that in the future this virus will be picked up and abused by cybercriminals and made more destructive. Kaspersky Lab solutions successfully detect Virus.Win32.Induc.a and prevent it from spreading on the computer.
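A build-environment integrity check for the SysConst.dcu modification described above, as an added example that is not part of the original post: it hashes the compiled units in a library directory and reports any that differ from a baseline recorded from a trusted installation. The directory layout, function names and sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_units(lib_dir):
    """Map each compiled unit (*.dcu) in lib_dir to its SHA-256 digest."""
    units = {}
    for path in sorted(Path(lib_dir).iterdir()):
        if path.is_file() and path.suffix.lower() == ".dcu":
            # Lower-case the key: Windows file names are case-insensitive.
            units[path.name.lower()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return units


def check_units(lib_dir, baseline):
    """Compare lib_dir against a baseline taken from a trusted install.

    Returns sorted (unit, status) pairs; status is "modified",
    "missing" or "unexpected".
    """
    current = hash_units(lib_dir)
    findings = []
    for name, digest in baseline.items():
        if name not in current:
            findings.append((name, "missing"))
        elif current[name] != digest:
            findings.append((name, "modified"))
    findings += [(n, "unexpected") for n in current if n not in baseline]
    return sorted(findings)


def demo():
    """Constructed sample: a fake library directory, not real Delphi files."""
    with tempfile.TemporaryDirectory() as tmp:
        lib = Path(tmp)  # assumed stand-in for the IDE's compiled-unit directory
        (lib / "SysConst.dcu").write_bytes(b"constructed clean unit")
        (lib / "SysUtils.dcu").write_bytes(b"constructed second unit")
        baseline = hash_units(lib)
        clean = check_units(lib, baseline)
        # Simulate the unit being replaced by a recompiled version.
        (lib / "SysConst.dcu").write_bytes(b"constructed recompiled unit")
        return clean, check_units(lib, baseline)


if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after: ", after)
```

Because every project links SysConst, running such a check on the build machine before each release build catches the change at the one point where it affects all outputs.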
