Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    August 2014
    S M T W T F S
    « Jul    
     12
    3456789
    10111213141516
    17181920212223
    24252627282930
    31  
  • About Us


    A new threat targeting Borland Delphi Compilers is fast becoming a global concern, as we have been receiving reports of increased infection incidents. The file infector, detected by Trend Micro as PE_INDUC.A, tampers with Borland Delphi Compilers installed in targeted systems, causing all files compiled using the compromised Delphi compiler to be infected. Borland Delphi Compiler is a tool used to compile several popular enterprise database and desktop applications.

    Upon execution, the malware checks if a Borland Delphi Compiler is installed on the system by checking a certain registry entry. Once the existence of the said compiler on the system is confirmed, it modifies the file SysConst.pas, by appending code. Through this routine, it compiles a new copy of the file SysConst.dcu which is detected by Trend Micro as TROJ_INDUC.AA. It then renames the original SysConst.dcu to SysConst.bak and deletes the modified SysConst.pas.

    Once done, all files compiled using the affected Delphi compiler are also infected. This puts other users at risk of getting affected by the same malware: if they happen to run a Delphi program that was compiled using a tampered Borland Delphi Compiler, then their own Borland Delphi Compiler will be tampered with as well.

    As of this time, there is no known payload for this malware except for infecting the compiled files.

    Trend Micro Japan threat analysts have written an entry on this threat here. We will be updating this entry as more information comes in.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon






     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice