I’ve been trialing Tidy Favorites, a visual bookmark application, for the last week or two. Things were going well until this morning, when I had a pop-up from my Trend Micro Anti Virus warning me about Troj_Induc.A being found in my Tidy Favorites executable file. Odd, but no worries: I’ve had false positives before, and a quick check of the Tidy Favorites FAQs shows that, yes, they mention that some aspects of Tidy Favorites can be detected as false positives and to let it go.
For some reason I was unassured by this, so I did a quick search on Troj_Induc.A malware and there was this story from CNET linking to a blog article from SophosLabs written yesterday. Apparently the W32/Induc-A virus is something new in the wild. It looks for the Delphi programming environment on an infected PC and, if it finds it, inserts copies of itself into every new Delphi file compiled on that machine. The upshot is that developers with infected machines, working with Delphi, can be creating legitimate software with malware hitchhikers. Now that’s a clever virus. So far the virus seems benign; it doesn’t seem to do anything except replicate.
According to CNET, W32/Induc-A has so far been detected in Tidy Favorites v4.1 as well as AnyTV Free v2.41 which, according to its download site, is certified virus free. Tidy Favorites has since been patched, but Any TV is still offering the infected Any TV Free v2.41 download. Be careful, people. I fear we haven’t heard the last of this little pest.
When a file infected with W32/Induc-A runs, it looks to see if it can find a Delphi installation on the current machine. If it finds one, it tries to write malicious code to SysConst.pas, which it then compiles to SysConst.dcu (after saving the old copy of this file to SysConst.bak). The new infected SysConst.dcu file will then add W32/Induc-A code to every new Delphi file that gets compiled on the system.
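The behaviour quoted above leaves files behind next to the compiled unit, so a developer can check a build machine for them. The following is an added example, not code from the original post or from Sophos; treating a SysConst.bak or SysConst.pas beside SysConst.dcu as a sign of tampering is a heuristic assumed here, and the sample directory names are constructed.

```python
import os
import tempfile
from pathlib import Path

def scan_for_induc_artifacts(root):
    """Walk root; report directories holding SysConst.dcu plus a .bak/.pas sibling."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        names = {f.lower(): f for f in files}  # Windows file names are case-insensitive
        if "sysconst.dcu" not in names:
            continue
        reasons = []
        if "sysconst.bak" in names:
            reasons.append("SysConst.bak present (old unit saved before a rebuild)")
        if "sysconst.pas" in names:
            reasons.append("SysConst.pas present beside the compiled unit")
        if not reasons:
            continue  # only the compiled unit is here, nothing to report
        dcu = Path(dirpath, names["sysconst.dcu"])
        findings.append({
            "dir": dirpath,
            "reasons": reasons,
            # Assumption: both artefacts together is the stronger signal.
            "level": "suspicious" if len(reasons) == 2 else "review",
            # Anything compiled after this time linked against this unit.
            "dcu_mtime": dcu.stat().st_mtime,
        })
    return sorted(findings, key=lambda f: f["dir"])

def build_sample_tree(root):
    """Constructed sample layout; directory names are made up for the demo."""
    layout = {
        "clean/Lib": ["SysConst.dcu", "SysUtils.dcu"],
        "altered/Lib": ["SysConst.dcu", "SysConst.bak", "SysConst.pas"],
        "partial/Lib": ["sysconst.dcu", "SYSCONST.BAK"],
    }
    for rel, files in layout.items():
        d = Path(root, rel)
        d.mkdir(parents=True)
        for name in files:
            (d / name).write_bytes(b"constructed placeholder")
    return root

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return scan_for_induc_artifacts(build_sample_tree(tmp))

if __name__ == "__main__":
    for f in demo():
        print(f["level"], f["dir"], f["reasons"])
```

The reported `dcu_mtime` gives a cut-off for triage: installers built on that machine after that time are the ones to rescan or rebuild from a clean environment.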
Sheeesh! When will you guys just get a Mac?
You mean like the iMac sitting behind me?
Macintosh Viruses and Mac Virus Resources
http://antivirus.about.com/od/macintoshresource/M…
Viruslist.com – Malware Evolution: MacOS X Vulnerabilities 2005 – 2006
http://www.viruslist.com/en/analysis?pubid=191968…
Viruses and the Mac FAQ
http://www.faqs.org/faqs/computer-virus/macintosh…
Releaselog | RLSLOG.net » New Mac virus threatening internet pirates
http://www.rlslog.net/new-mac-virus-threatening-i…
Viruslist.com – Mac OS X
http://www.viruslist.com/en/analysis?pubid=204791…
List of known Macintosh viruses
http://ftp.cerias.purdue.edu/pub/tools/mac/mac-vi…
Dan, the comment was meant for the millions of window washers, who suffer endlessly with viruses, trojans and other such maladies. Ron.
I actually got an alert (AVG) for this trojan from the Commandsindemand app you covered the other day. Found the Sophos article googling and then your post here coming back :-) Could be a false positive though…
@ sirron – I got rid of the Mac a few years back and haven’t missed it so far. Mileage does vary…
This is going to be the tricky part John, sorting out the false positives from the correct ones. Obviously the developers don't think they're creating malware but if the Induc.A is on their machines then everything they compile using Delphi can be affected.
I've just downloaded the Commands in Demand app again and scanned the installer and it seems ok at my end, not a guarantee though. Trend Micro found the Induc worm in the Tidy Favorites installer.
Wow, my list of virus information links for Apple Mac computers was removed. Why?
DanO, the WordPress spam filter ate it, must have looked suspicious ;-)
I've authorised it but if it doesn't appear email the list to dan at redferret dot net and I'll post it here. Sorry for the hassle.
Dan I've emailed the list to you, maybe as a Mac user, you can wrap it into an article?
As a tech, I cringe whenever I hear Mac users proudly tell the world how they don't use/need anti-virus protection. The list I've compiled was from a simple search for "mac virus", I hope it helps to educate someone:
Macintosh Viruses and Mac Virus Resources:
http://antivirus.about.com/od/macintoshresource/M…
Viruslist.com – Malware Evolution: MacOS X Vulnerabilities 2005 – 2006:
http://www.viruslist.com/en/analysis?pubid=191968…
Viruses and the Mac FAQ:
http://www.faqs.org/faqs/computer-virus/macintosh…
Releaselog | RLSLOG.net » New Mac virus threatening internet pirates:
http://www.rlslog.net/new-mac-virus-threatening-i…
Viruslist.com – Mac OS X:
http://www.viruslist.com/en/analysis?pubid=204791…
List of known Macintosh viruses:
http://ftp.cerias.purdue.edu/pub/tools/mac/mac-vi…
—
Dan O