Delphi and virus, or virus and Delphi.

Hi all.

There is some discussion about a 'new' virus, that targets Delphi (and
developers).

The article is in Danish:
<http://www.version2.dk/artikel/11833-delphi-udviklere-jages-af-ny-type-malware>
but refers to this article:
<http://news.cnet.com/8301-27080_3-10312628-245.html>

From the Danish article POV, it seems like Delphi itself is vulnerable, which
is not true.

As far as I can see, the attack vector is injection of (source) code in the
'Sysconst' unit.

What's going on?

-- 
Best regards
Stig Johansen
0
Stig
8/20/2009 9:58:13 AM

Perhaps checking other threads before posting would help. Exactly 10 posts 
below yours.
0
rakyta_at_stonline
8/20/2009 10:25:15 AM
Stig Johansen wrote:

> 
> What's going on?
> 

Time to upgrade to D2010 :-)

-- 

m. Th.

On the Wings of the Wind...
http://wings-of-wind.com/
0
m
8/20/2009 10:43:13 AM
http://www.sophos.com/blogs/sophoslabs/v/post/6117

http://www.sophos.com/blogs/gc/g/2009/08/19/w32induca-spread-delphi-software-houses/

They say "this virus isn’t just a threat if you are a software developer who uses Delphi", literally, and that shows they lie... which non-developer user will have D4-7 installed? Come on... Richard Cohen and Graham Cluley are inventing an issue for the users where there is none.
That "Induc-A" crap does not affect the user machines at all, that is a lie (ok, a lie that will sell more antivirus licenses but it's a lie).
Those SOPHOS articles are almost defamatory for the Delphi brand name and the software which is produced with it.
It's incredible the disinformation they are propagating.
0
Javier
8/20/2009 8:37:35 PM
http://www.sophos.com/blogs/gc/g/2009/08/20/sophos-false-alarming-delphi-induc-virus/

LOL, I was writing an email to Graham Cluley complaining about his post and he posted again before I finished it. Maybe it's not what we wanted to read but it's something at least...
0
Javier
8/20/2009 9:01:05 PM
Ivan Rakyta <rakyta_at_stonline.sk> wrote:

> Perhaps checking other threads before posting would help. Exactly 10 posts
> below yours.

I had looked, but apparently had not looked well enough - sorry.
I'll check the other thread.

-- 
Best regards
Stig Johansen
0
Stig
8/21/2009 4:35:45 AM
<Javier Santo Domingo> wrote in message news:152476@forums.codegear.com...
> http://www.sophos.com/blogs/gc/g/2009/08/20/sophos-false-alarming-delphi-induc-virus/
>
> LOL, I was writing an email to Graham Cluley complaining about his post 
> and he posted again before I finished it. Maybe it's not what we wanted to 
> read but it's something at least...

I have to agree that it needs to be dealt with and considered at least a 
medium threat.  And Sophos is not the only anti-virus treating it as such: 
NOD32, ClamWin, AVG and Kaspersky, just to name a few, won't even let the 
application run, or the application might be deleted when a scan is 
performed.  Even SpyBot is detecting it, and its TeaTimer is not letting 
the application run.

-- 
Best Regards,
  Daniel Rail
  Senior Software Developer
  ACCRA Solutions Inc.(www.accra.ca)
  ACCRA Med Software Inc.(www.filopto.com)
0
Daniel
8/21/2009 6:19:37 PM
No problem Daniel, you are also right. It's a complex subject, this one.
But look, what I say is that they are scaring users, playing with their ignorance (since it's a worm that infects nothing but old Delphi installations), and by the way they are defaming Delphi, which has far more impact on our businesses. They are affecting the reputation of a whole platform, that's a serious threat. And sadly, they seem to have the impunity to do that.
0
Javier
8/21/2009 8:38:44 PM
Javier Santo Domingo <> wrote:

> They are affecting the reputation of a
> whole platform, that's a serious threat. 

That was more or less my point with my original post.
We risk that 'people' think that Delphi is an 'unsecure' platform.

I don't have newer versions than D7, but I guess the reason that newer
versions are not affected is that sysconsts doesn't exist on those
versions.

Would the same concept be possible using another central unit?

-- 
Best regards
Stig Johansen
0
Stig
8/22/2009 4:39:01 AM
Stig Johansen wrote:

> I don't have newer versions than D7, but I guess the reason that
> newer versions are not affected is that sysconsts doesn't exist on
> those versions.

No, the virus specifically looks for Delphi 4-7 in a loop (the code can
be found on the web).

There is a SysConst.dcu in Delphi 2009 as well.
-- 
Rudy Velthuis (TeamB)        http://www.teamb.com

"Computer /nm./: a device designed to speed and automate errors."
 -- From the Jargon File.
0
Rudy
8/22/2009 1:42:49 PM
Rudy Velthuis (TeamB) wrote:

> No, the virus specifically looks for Delphi 4-7 in a loop (the code can
> be found on the web).

Ok, saw that (hmm, I posted a link to the code myself, but didn't look :).

Wonder why 'they' only target older Delphi.

-- 
Best regards
Stig Johansen
0
Stig
8/22/2009 10:02:30 PM
Stig Johansen wrote:

> Wonder why 'they' only target older Delphi.

1. Older Delphi versions need write access to their bin directory. So
under a Vista with active UAC the developer must grant write access to
the Delphi folder. This isn't necessary for newer Delphi versions
because they do not write to their program files directory. And without
write access the virus can't replace files.

2. The virus author didn't have a newer Delphi version and wasn't good
at guessing what the new registry key is.

3. The virus author wants everybody to upgrade (very unlikely)

4. ... put here your own thought ...


-- 
Regards,

Andreas Hausladen
0
Andreas
8/22/2009 11:23:55 PM
Andreas Hausladen wrote:

> Stig Johansen wrote:
> 
> > Wonder why 'they' only target older Delphi.
> 
> 1. Older Delphi versions need write access to their bin directory. So
> under a Vista with active UAC the developer must grant write access to
> the Delphi folder. This isn't necessary for newer Delphi versions
> because they do not write to their program files directory. And
> without write access the virus can't replace files.
> 
> 2. The virus author didn't have a newer Delphi version and wasn't good
> at guessing what the new registry key is.
> 
> 3. The virus author wants everybody to upgrade (very unlikely)
> 
> 4. ... put here your own thought ...

{$CONSPIRACY ON}
if OutCome = ocUnlikely then
  goto 3;
{$CONSPIRACY OFF}

:p

-- 
Pieter

"A friendship founded on business is better than a business 
 founded on friendship." -- John D. Rockefeller (1874-1960)
0
Pieter
8/22/2009 11:50:22 PM
Pieter Zijlstra wrote:

> Andreas Hausladen wrote:
> 
>> Stig Johansen wrote:
>> 
>> > Wonder why 'they' only target older Delphi.
>> 
>> 2. The virus author didn't have a newer Delphi version and wasn't good
>> at guessing what the new registry key is.
> 
> {$CONSPIRACY ON}
> if OutCome = ocUnlikely then
>   goto 3;
> {$CONSPIRACY OFF}

I think that I'll stick to Andreas' explanation/guess, since the loop is
(more or less):
for v := '4' to '7' do
  if RegOpenKeyEx(HKEY_LOCAL_MACHINE, PChar('Software\Borland\Delphi\' + v + '.0'), 0 etc.

Since I don't have later versions, I don't know which registry key(s) are
used, but I guess that it is not 8..11?

And the use of char/pchar etc, will not be usable in D2009?

-- 
Best regards
Stig Johansen
0
Stig
8/23/2009 9:35:30 AM
> Since I don't have later versions, I don't know which registry key(s) are
> used, but I guess that it is not 8..11?

Not exactly, no. And don't forget the borland part ;-)

> And the use of char/pchar etc, will not be usable in D2009?

Actually it will.
0
Olivier
8/23/2009 10:28:50 AM
Stig Johansen wrote:

> And the use of char/pchar etc, will not be usable in D2009 ?

Why not? Char and PChar work in Delphi 2009 unless you think that
SizeOf(Char) = 1


-- 
Regards,

Andreas Hausladen
0
Andreas
8/23/2009 10:30:20 AM
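
Added example, not part of any post in this thread: a defender-side check built on two points raised above, that the targeted installs are found under `Software\Borland\Delphi\4.0` to `7.0` and that replacing library units requires write access to the Delphi folder. It hashes the files in each `Lib` directory against a known-good snapshot and reports whether the current user can write there. The `RootDir` value name, the `Lib` subdirectory and the function names are assumptions of this sketch.

```python
import hashlib
import sys
import tempfile
from pathlib import Path

# Versions and key path as quoted in the thread (Delphi 4-7 under Borland).
VERSIONS = ("4", "5", "6", "7")
KEY_FMT = r"Software\Borland\Delphi\{}.0"

def installed_lib_dirs():
    """Lib directories of Delphi 4-7 installs (Windows only).
    Assumption: the install path is stored in a 'RootDir' value."""
    if sys.platform != "win32":
        return []
    import winreg
    # Delphi 4-7 are 32-bit, so read the 32-bit registry view explicitly.
    access = winreg.KEY_READ | winreg.KEY_WOW64_32KEY
    dirs = []
    for v in VERSIONS:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                                KEY_FMT.format(v), 0, access) as key:
                root, _ = winreg.QueryValueEx(key, "RootDir")
                dirs.append(Path(root) / "Lib")
        except OSError:
            continue  # this version is not installed
    return dirs

def snapshot(lib_dir):
    """Map lower-cased file name -> SHA-256 for every file in lib_dir."""
    return {p.name.lower(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(lib_dir).iterdir() if p.is_file()}

def is_writable(lib_dir):
    """True if the current user can create a file in lib_dir."""
    try:
        with tempfile.TemporaryFile(dir=lib_dir):
            return True
    except OSError:
        return False

def audit(lib_dir, baseline):
    """Compare lib_dir with a known-good snapshot; return sorted findings."""
    current = snapshot(lib_dir)
    findings = [("added" if n not in baseline else "modified", n)
                for n, h in current.items() if baseline.get(n) != h]
    findings += [("removed", n) for n in baseline if n not in current]
    if is_writable(lib_dir):
        findings.append(("writable", str(lib_dir)))
    return sorted(findings)

if __name__ == "__main__":
    # Take snapshot(d) on a trusted install and keep it somewhere read-only;
    # the empty baseline here simply lists every file as "added".
    for d in installed_lib_dirs():
        print(d, audit(d, baseline={}))
```

A `modified` finding for `sysconst.dcu`, or a `writable` finding for an account that only needs to compile, is the condition worth investigating on a build machine.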