Sunday, September 25, 2011

Virus Targeting Delphi-Based Applications Has Evolved




The evolution of malicious programs (computer viruses and malware) is likely to increase not only in intensity and scale, but also in capability, mode of operation, and the level of losses incurred.

According to security firm Eset, cyber criminals are developing increasingly serious malware. One unusual virus Eset has detected is a new variant of a virus that infects the Delphi programming environment: Win32/Induc.C.

"Unlike its predecessor, the C variant has a malware payload that can infect files and is able to replicate itself," said Eset.

Eset had previously reviewed Win32/Induc.A, which infects Delphi files. Although the technical information was not detailed, Eset found an interesting and unusual aspect of the virus: it does not directly attack executable files, but instead targets the standard library of the Delphi programming environment.

As a result, every application built with that Delphi IDE is infected. The approach was likely inspired by Ken Thompson's paper "Reflections on Trusting Trust", which described an infection method based on modifying the C compiler so that everything it compiles carries the backdoor.
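One defence that follows from the Thompson-style attack described above is to treat the build toolchain itself as a protected asset: hash the IDE's library directory once when it is known to be clean, store that manifest read-only, and compare against it before every build. The following is an added example in Python, not Eset's code and not derived from any Induc sample; the directory layout and the unit file names in it are constructed for the demo and are not the files Induc targets.

```python
"""Baseline-and-verify check for a compiler/IDE library directory.

Added example, not ESET's code and not part of the Induc analysis. It models
the defence against an Induc-style attack: hash every file under the
toolchain's library directory once when it is known-good, then compare the
tree against that manifest before each build. The paths and file names used
below are constructed for the demo; on a real Delphi install you would point
it at the IDE's library directory.
"""
import hashlib
import json
import os
import tempfile


def hash_file(path: str) -> str:
    """SHA-256 of a file, read in chunks so large compiled units are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str) -> dict:
    """Map every file path (relative to root, '/'-separated) to its SHA-256."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = hash_file(full)
    return baseline


def verify(root: str, baseline: dict) -> dict:
    """Compare the current tree against the stored baseline.

    Returns {"modified": [...], "added": [...], "missing": [...]}.
    A rewritten standard-library unit (the Induc.A technique) shows up as
    'modified'; a dropped helper file shows up as 'added'.
    """
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "missing": sorted(p for p in baseline if p not in current),
    }


def demo() -> dict:
    """Constructed scenario: clean baseline, then one library unit is tampered with."""
    with tempfile.TemporaryDirectory() as root:
        lib = os.path.join(root, "Lib")
        os.makedirs(lib)
        # Constructed stand-ins for compiled library units (not real Delphi files).
        with open(os.path.join(lib, "SysUtils.dcu"), "wb") as f:
            f.write(b"clean compiled unit")
        with open(os.path.join(lib, "Classes.dcu"), "wb") as f:
            f.write(b"another clean unit")
        baseline = build_baseline(root)
        manifest = json.dumps(baseline, indent=2)  # this is what you would store read-only

        # Simulate Induc-style tampering: the unit is rewritten in place.
        with open(os.path.join(lib, "SysUtils.dcu"), "wb") as f:
            f.write(b"clean compiled unit + injected code")
        return verify(root, json.loads(manifest))


if __name__ == "__main__":
    print(demo())  # {'modified': ['Lib/SysUtils.dcu'], 'added': [], 'missing': []}
```

The manifest must live somewhere the build machine cannot write to (or be signed), otherwise the same infection that rewrites a unit can rewrite the baseline. Running the check as a pre-build step in CI, rather than only on developer workstations, catches the case the article describes: a machine that is already infected keeps producing infected binaries until the toolchain is reinstalled.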

"Even if the malware really only infects systems with Delphi installed, the malware will spread quickly to places where there are applications written in the Delphi programming language. Ironically, some malware is also written in Delphi," said Eset.

Beyond its interesting infection mechanism, however, Induc.A did not have a malicious payload. Two years later everything changed, with the emergence of new variants culminating in variant C.

The Induc.B version, which Eset detected in July 2011, did not differ significantly from the previous version and was not particularly disruptive, but the rewritten code in Induc.B shows several developments that need to be addressed:
  • Just as with Win32/Induc.A, Win32/Induc.B infects Delphi versions 4.0 through 7.0. Induc.B is also a little smarter at locating the directory where the programming environment is installed, including paths that contain the vendor's company name.
  • In addition to targeting Delphi, Induc.B can also infect Borland Developer Studio (BDS) and CodeGear BDS.
  • Several anti-debugging techniques were introduced.
  • Simple XOR encryption began to be used to obscure the code, making analysis more difficult.
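As an illustration of how little a simple XOR layer actually slows analysis, here is an added example in Python, not Eset's code and not reconstructed from an Induc sample. It assumes the common single-byte case, brute-forces all 256 candidate keys and ranks the results by marker strings and printability; the sample configuration string, the key 0x5A and the marker strings are all assumptions constructed for the demo.

```python
"""Recovering a single-byte XOR obfuscated blob by key brute force.

Added example, not ESET's code and not taken from Induc itself; the sample
text, the key and the marker strings are constructed here. It shows why
'simple XOR' is a speed bump rather than a wall: with a one-byte key there
are only 256 candidates, and the right one is the one that yields plausible
strings. (That the key is a single byte is an assumption for the demo.)
"""
import string

PRINTABLE = set(string.printable.encode())


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a single-byte key; encrypt and decrypt are the same op."""
    return bytes(b ^ key for b in data)


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII, used as a plausibility score."""
    if not data:
        return 0.0
    return sum(1 for b in data if b in PRINTABLE) / len(data)


def brute_force_xor(blob: bytes, markers=(b".pas", b".dpr", b"http")) -> tuple:
    """Try all 256 keys; rank by marker hits first, then by printable ratio.

    Returns (key, plaintext). The marker strings are an assumption about what
    a Delphi infector's decoded data might contain, not strings from Induc.
    """
    best = None
    for key in range(256):
        candidate = xor_bytes(blob, key)
        score = (sum(m in candidate for m in markers), printable_ratio(candidate))
        if best is None or score > best[0]:
            best = (score, key, candidate)
    return best[1], best[2]


def demo() -> tuple:
    """Constructed 'config' string obfuscated with key 0x5A, then recovered blind."""
    plaintext = b"target=Lib/Foo.pas;c2=http://example.invalid/update"
    blob = xor_bytes(plaintext, 0x5A)
    return brute_force_xor(blob)


if __name__ == "__main__":
    key, text = demo()
    print(hex(key), text)  # 0x5a b'target=Lib/Foo.pas;c2=http://example.invalid/update'
```

For a multi-byte repeating key the same approach still works: guess the key length from byte-frequency periodicity, then solve each position independently as a single-byte problem. That is why the XOR layer described in the list above only raises the cost of a first look, not of a full analysis.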
The latest variant, known as Win32/Induc.C, has undergone far more dramatic changes. Eset first identified variant C in August 2011. Its code is entirely different from its predecessors; the only similarity is its function, which is likewise to infect Delphi.

According to Eset, although the infection mechanism has changed from one that only infected Delphi applications, the new variant has also been equipped with a new vector that can infect any .exe file.

The most significant change is the addition of a downloader function. Induc.C creates a backdoor through which other malware can be downloaded and activated, so its capabilities can grow after the initial infection.

Comparing the versions of the virus makes it clear that the first version of Induc was a beta, still in development, in which the author was experimenting with various innovative infection methods.
