August 19, 2009 | Bratislava | Press Releases

New Virus Win32/Induc.A Threatens Legitimate Apps

In the first 24 hours after the virus’s release, ESET intercepts 30,000 infected files

Legitimate applications and software written in the Delphi programming language have become exposed to Win32/Induc.A, a new virus that does not directly target .exe files but instead infects the Delphi IDE. In effect, every application compiled on the infected machine will also become infected.

The Delphi programming language tends to be used in quite robust database applications, primarily by banks and other institutions processing vast amounts of data, some of which have already reported being infected with Win32/Induc.A. The virus itself isn’t destructive, but it uses innovative and uncommon techniques to spread quickly.

Thanks to ESET’s early warning system, ThreatSense.Net, ESET received over 30,000 unique infected samples in the first 24 hours after the virus’s release; in many cases the original software was a legitimate application prior to infection.

According to Juraj Malcho, the Head of ESET Virus Lab, “the concern is over the period during which the virus went undetected and was able to infect a large number of PCs, resulting in the infiltrated software being distributed to users directly by their vendor. To our dismay, often the reaction of the software vendor has been that the detection of a virus is a false-positive.” It is likely that the first samples of the virus date back to April 2009. The virus went unnoticed for such a long period because Delphi code tends to be quite voluminous and the virus body itself is quite small.

Moreover, it is likely that the virus was distributed by “piggy-backing” on Banker trojans, its miniature add-on functionality making it easily overlooked by virus researchers, as the trojans themselves were marked as malicious code. Among the thousands of samples of trojans infected with this virus intercepted by ESET, those classified as Win32/Spy.Banker are the most abundant. Win32/Spy.Banker targets mostly Russian and Brazilian PC users.


About ESET

Founded in 1992, ESET is a global provider of security solutions for enterprises and consumers. ESET is a market leader in proactive detection of malware. Thanks to its ThreatSense.Net® technology, it is able to collect data on a volunteer basis from users all around the world, allowing it to react flexibly to emerging threats. Its ESET NOD32 Antivirus has been ranked by the independent AV-Comparatives testing lab as the best antivirus product worldwide (2006, 2007). ESET has offices in Bratislava, SK; Buenos Aires, AR; and San Diego, USA, and has an extensive partner network in 160 countries. In 2008, ESET opened a new research center in Krakow, Poland.