Are Software Houses Infecting Their Customers?

A new virus may cause software to be infected even before it is distributed by software houses or in-house development teams, according to researchers at security vendor Sophos.

The virus " identified by Sophos as W32/Induc-A " injects itself into the source code of any Delphi program it finds on an infected computer, and then compiles itself into a finished executable. Delphi is a variant of the Pascal language originally developed by Borland, and is now used to quickly develop Windows programs such as database applications.

The virus is not just a threat to software developers that use Delphi, but to any computer running programs written in Delphi, Sophos says.

Researchers at SophosLabs have received more than 3000 unique infected samples of programs infected by W32/Induc-A, which suggests that the malware has been active for some time, and that a number of software houses specializing in Delphi apps must have been infected.

Ironically, Sophos has also seen a number of banking Trojan horses -- which are often written in Delphi -- infected by Induc-A, indicating that malware authors themselves could also have been affected.

"Although most people aren't Delphi developers, there may be many computer users running programs written in Delphi that have been contaminated," says Graham Cluley, senior technology consultant at Sophos. "It's possible that affected applications are available for download from the net on legitimate shareware sites or on magazine CD ROMs."

Sophos advises businesses that use Delphi apps to update their antivirus software. If a W32/Induc-A infection is found in a program, its developers should be contacted immediately -- it's possible that the infection could be passed on to other customers, Sophos says. Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.