[Lazarus] delphi - virus

Bruce Tulloch bruce at causal.com
Fri Aug 21 03:08:07 CEST 2009


Some more information on this...

Its propgation mode is that it changes sysconst.dcu, and any app compiled and
subsequently run on a machine which has delphi installed has its sysconst.dcu 
infected. Fixing is easy, as your original sysconst.dcu is renamed sysconst.bak, 
so you just switch it back and make the directory non-writable.

Details at:

http://www.symantec.com/security_response/writeup.jsp?docid=2009-081816-3934-99

Cheers, Bruce.

PS: of course it does not affect Lazarus :-)

waldo kitty wrote:
> Martin wrote:
>> Just something I found:
>>
>> http://www.h-online.com/security/Virus-infects-development-environment--/news/114031
>
>
> speaking as one who spends a lot of time on security aspects like
> this, i thank you for posting it... similar things have actually
> occurred in the past but there was not the available coverage such as
> we have today so their existence was not widely known and those who
> did get hit with such a critter quietly cleaned up their installations
> and released new versions to replace the infested ones...
>
> FWIW: i recall a TP/BP6 and TP/BP7 critter of such fame way back in
> the day...
>
> -- 
> _______________________________________________
> Lazarus mailing list
> Lazarus at lists.lazarus.freepascal.org
> http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus





More information about the Lazarus mailing list