Virus targets Delphi code compiler

A new virus attack is targeting the Delphi code compiler and garnering the attention of security experts.

The virus infects a component within the Delphi library folder and disguises itself as a legitimate file.

Rather than attempt to simply install other malicious files onto the host machine, however, the virus uses the compiler itself as a means of spreading. When the host machine compiles programs, the virus inserts lines of malicious code, turning the compiled code into a virus delivery system.

Researchers from Sans, McAfee, BitDefender and F-Secure have all reported and analyzed the virus. So far, the virus has displayed no malicious intents other than replicating itself and no further malware attacks or file downloads have been reported.

Still, the virus is gaining attention from experts to its unusual delivery style, which has managed to infect some high-profile applications. German computer magazine ComputerBild warned readers after discovering that one of the files on a recent issue's free CD insert was found to be infected with the virus.

The infection also appears to be spreading in more nefarious circles, according to Sans researcher Rick Wanner.

"A funny side effect is that in the few days since this virus has been detected in the wild, a number of trojans have been discovered to be affected with the virus," wrote Wanner.

"Obviously they were compiled with an infected Delphi compiler."

Security firm BitDefender said that developers can check for the infection by searching for a file in the Delphi library folder names "SysConst.bak" and then renaming the infected file as "SysConst.dcu" to prevent compiled applications from becoming infected.