2nd virus threat: Now Much Dangerous than the former

PropagandaPerhaps you already know about the “Delphi virus” which is in the news these days. I would not enter (again) in the details of this. There is already enough virtual ink on this. For example, Marco Cantu summed up some links on the theme. Also Craig Stuntz has a nice post about this.

But now in the wild is a 2nd ‘virus’ with a much more dangerous ‘payload’ that the former: mass-media misinformation. This thing can damage Delphi way worse than any other virus, Delphi specific or not. For example, from this cNet article I don’t really know against what is written the article: against the worm or against Delphi?

I don’t imply that in the wild are ‘human’ malware but, once again, we can see how bad ignorance can be. To sum up all the misconceptions:

  • Is anybody still using Delphi? Yes, sure it is. The user base is anywhere between 1 and 2 millions. Ok, we know that the TIOBE index is somewhat approximative but sometimes it gives a general overview on what’s going on… …and things are encouraging because now we are before to a release – the most quiet period on Internet, when everyone waits.
  • Is it alive? Sure it is. Delphi 2010 is the first RAD development tool which provides Natural Input Methods out of the box for Windows XP and newer. Is the first RAD development tool certified for Windows 7. The only one RAD development tool which provides out of the box a n-Tier solution capable to link the native code, .NET and Java worlds. If this isn’t ‘alive’ then what is?
  • Is Delphi infected? The worm infects a file from the distribution kits of Delphi 4 till Delphi 7. Delphi 7 was released in 2002. 7 (seven) years ago. Why nobody says that from then there were 5 (five) releases in between. Delphi 2010 will be the 6th release. And still the guys from Embarcadero are aware of this and will handle the matter. So, anyone which has a (by a wide margin) up to date Delphi version is safe. Why nobody says this?
  • Is Delphi weak? The same form of attack, or perhaps even worse forms implemented with less effort, can be implemented for Java, .NET family of languages (there are even tools and videos (!) how to do it), C++, Ruby etc. For me it seems much more simpler to add methods to a Java system class that opens an hole, and then put that changed class into the .jar file and deploy application out to millions and it would have a backdoor exploit. Why they try to leave the impression that Delphi is the only weak one?

Well, if for the first form of virus, there appeared already different forms of protection from different vendors, for the 2nd one there is only one form: Spread the word.

12 thoughts on “2nd virus threat: Now Much Dangerous than the former

  1. >>up to date Delphi version is safe. Why nobody says this?

    Probably nobody says this because there is no evidence so far that up-to-date versions are safe. I’ve found no information on what protection later versions of Delphi provide that would make them immune to this kind of attack. It seems like the virus writer was just using an older version.

  2. @John Senior: Are you kidding right?

    How do you want to protect Delphi or any other development environment or compiler? Delphi should ship with everything hardcoded so nothing can be changed? Or may be you want CRC of the distributed code… this is, Delphi should checksum all its .pas everytime it compiles?? Come on! What about you need patch the original source for some custom requirement?… Ok lets try other things, what about some background process checking the installation integrity? Or a specific scanner testing “malware” activities in the code? Absurd ideas huh? And there are many more crazy ways, and all of them are useless, they can be beated easily and they will enforce the interest of kiddies in writing worms to do that (and they will just for fun!). Seriously, do not react like that, it will only get worse. Be smart, protect yourself by creating a safe building environment (different to the development machine, not connected to the internet, easy to backup and restore, etc etc etc, just like a VM) and do not execute nothing but the needed things there. Thats it, if you are responsible you will get the results you are looking for, but its up to you.

    Really, the solution its at your side, not in the IDE/compiler. You need FULL ACCESS to the code (like an administrator to the system), so any program executing in your context will have full access, and if its a worm infecting that code it will, thats it.
    Thats the price to have full access, so you are responsible for what you do… its just like real life heh

    • The article states:
      “So, anyone which has a (by a wide margin) up to date Delphi version is safe. Why nobody says this?”

      Nobody says having an up to date version will make you safe because that isn’t so.

      An up to date version is no protection. I never claimed it was or should be, so save your rants for someone else.

      • You said “I’ve found no information on what protection later versions of Delphi provide that would make them immune to this kind of attack” and that sounds like Delphi should have internal protections for that. Thats why i asked if you were kidding. The rest was just to argument my view (for example, any protection will be beated easily, will encourage kiddies to write worms, etc). No offense intended.

  3. Sorry to say the following, I don’t intend to make you feel bad.

    Having said that, could you take more time to check your spelling and grammar? Maybe a little less fancy expressions would help (instead of using ones that don’t fit). I’m not a native speaker either, and refrained from making comments before, but almost every post contains a couple of obvious mistakes (blog and newsgroup).

    Other than that your posts are a nice read.

    • Thank you Peter!

      You are welcome. We all were waiting for a total recall that sends us back to school directly into the last row of our classroom straight to – we call it in Austria – the “donkey’s desk”. I expect you to sit in the first row to sneak on us to the teachers. Apart from this you are right, simply concatenating English words ist not enough, but we are developers, we concatenate strings the whole day and this is the result, no English compiler no well defined grammar and we are done, typical problem of LR(x) languages in common;-). So I see we can be glad to work on windows, imagine, if we where UNIX guys, no vocals could be found here. – Don’t take this to seriously. And take care, maybe someone hides your glasses…


      • Nice put. 🙂 Thanks. But you forgot to mention that we are Pascal coders. What if we were C/C++ gurus?
        Phps thn w’ll wrte lke ths.

  4. Pingback: ¿Es Delphi inseguro? « Mundo Binario

  5. What i want to SAY :
    I LIKE DELPHI ( From V1 ..V2010 ) .
    I see the Strength of Delphi when it was targeted by this PIECE of SHEET ( Virus ) .

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s