The Retro-Virus

Nowadays we see lots of malicious software that is designed to steal money and information. A new virus was recently discovered that seems to be all about proving a concept rather than blatant maliciousness.

The Win32/Induc.A virus does not infect the way most viruses do. Delphi is a programming language, and Induc infects the Delphi IDE so that when programmers compile their programs, the resulting programs are already infected.

As far as we are able to determine at this time, this virus has gone undetected since April 2009. Most of the samples of infected files we have seen are other trojans, mainly those that steal bank information. So we detected the trojan, but didn’t know that it was also infected.

For the average user the virus is essentially harmless. The problem is that some software development companies that use Delphi got infected, and when we added detection for Win32/Induc.A their programs were detected. Some of these companies accused ESET of having false positives when their programs were actually infected!

In reviewing our internal malware collections, our researchers have found over 4,000 infected samples. Our ThreatSense.Net network identified over 30,000 unique infected samples in the first 24 hours after we added detection.

For a write-up about this virus, visit http://www.eset.eu/encyclopaedia/win32-induc-a-virus?lng=en

Ironically, some other malicious software that was previously undetected by antivirus vendors will now be detected because it is infected with Induc.A!

It’s pretty rare now to be able to talk about a widespread virus that probably won’t cause you any harm.

Randy Abrams
Director of Technical Education

Author ESET Research, ESET

  • IBK

    McAfee thinks the virus may have already been around for a year. -> “The W32/Induc virus has been in the wild for at least a year.” (source: http://www.avertlabs.com/research/blog/index.php/2009/08/19/induc-virus-abuses-delphi-compiler/)

    • Randy Abrams

      It is quite possible. Sometimes a virus doesn’t spread quickly, but then takes off. There may have been very few samples for a long time.

  • quding

    Retro-Virus, what does “retro” mean here?

    • Randy Abrams

      Retro here means “old school”. This is a kick back to an old style of virus that had no payload and was intended to prove a concept.

Copyright © 2014 ESET, All Rights Reserved.