[Lazarus] StatusItem in a Carbon app
Tobias Giesen
tobias_subscriber at tgtools.com
Sun Aug 23 20:12:56 CEST 2009
On Sat, 22 Aug 2009 19:50:40 +0200
Marc Santhoff <M.Santhoff at web.de> wrote:
> Am Freitag, den 21.08.2009, 11:08 +1000 schrieb Bruce Tulloch:
> > Some more information on this...
> >
> > Its propgation mode is that it changes sysconst.dcu, and any app
> > compiled and subsequently run on a machine which has delphi
> > installed has its sysconst.dcu infected. Fixing is easy, as your
> > original sysconst.dcu is renamed sysconst.bak, so you just switch
> > it back and make the directory non-writable.
> >
> > Details at:
> >
> > http://www.symantec.com/security_response/writeup.jsp?docid=2009-081816-3934-99
> >
> > Cheers, Bruce.
> >
> > PS: of course it does not affect Lazarus :-)
> >
> > waldo kitty wrote:
> > > Martin wrote:
> > >> Just something I found:
> > >>
> > >> http://www.h-online.com/security/Virus-infects-development-environment--/news/114031
>
> In all those decriptions I miss the information on how the manipulated
> sysconst.dcu has entered the system. There has to be some transporting
> mechanism still undetected.
>
> Does anybody know how the infection works?
It was explained on a german site:
http://www.heise.de/newsticker/Virus-infiziert-Entwicklungsumgebung-Update--/meldung/143679
Basically it works like this:
If you got infected all your created programs contain the virus.
Namely the programmers of Free 2.41 und Tidy Favorites 4.1 had the
virus. You as user download and execute the exe and the virus changes
the sysconst.dcu. Apparently the file must be writable by the user and
fit the Delphi version.
Does the lazarus windows installer install writable ppus?
Mattias
More information about the Lazarus
mailing list