Freely subscribe to our NEWSLETTER

The virus – identified by Sophos as W32/Induc-A – injects itself into the source code of any Delphi program it finds on an infected computer, and then compiles itself into a finished executable. Delphi is a variant of the Pascal language originally developed by Borland, and is now used to quickly develop Windows programs such as database applications. The virus is not just a threat to software developers that use Delphi - many computer users will be running programs which are written in Delphi, and they could be affected.

In the past 24 hours SophosLabs has received more than 3000 unique infected samples of programs infected by W32/Induc-A, which suggests that the malware has been active for some time, and that a number of software houses specialising in developing applications with Delphi must have been infected.

Ironically, Sophos has also seen a number of banking Trojan horses - which are often written in Delphi - infected by Induc-A, indicating that malware authors themselves could also have been affected.

“Although most people aren’t Delphi developers, there may be many computer users running programs written in Delphi that have been contaminated,” said Graham Cluley, senior technology consultant at Sophos. “It’s possible that affected applications are available for download from the net on legitimate shareware sites or on magazine CD ROMs.”

Businesses that may be using software written in Delphi are advised to ensure that their anti-virus software is updated. If a W32/Induc-A infection is found in a program, its developers should be contacted immediately – as it’s possible that the infection could be passed on to other customers.