Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Malware Turns Delphi Software Compilers into Virus Breeders

1 view
Skip to first unread message

anonymous

unread,
Aug 22, 2009, 7:57:30 PM8/22/09
to
Security experts seem more intrigued than alarmed over a
newly-discovered virus that inserts itself into a Delphi compiler, and
replicates itself in every program compiled.

http://www.wired.com/threatlevel/2009/08/induc/

--
Robert novak: 'Always love your country — but never trust your
government!'

Robert novak: 'Always love your country — but never trust your
government!'


nemo_outis

unread,
Aug 22, 2009, 10:02:11 PM8/22/09
to
anonymous <an...@domain.invalid> wrote in news:h6q0l0$abk$1...@news.mixmin.net:

> Security experts seem more intrigued than alarmed over a
> newly-discovered virus that inserts itself into a Delphi compiler, and
> replicates itself in every program compiled.
>
> http://www.wired.com/threatlevel/2009/08/induc/
>

Talk about old news!

To understand why security experts are not particularly surprised one need
only read the famous 1984 paper, "Reflections on Trusting Trust" by the
also-famous Ken Thompson. It's been known for 25 years that a suborned
compiler can infect what it compiles - Ken even provided proof-of-concept
code.

Regards,

anonymous

unread,
Aug 23, 2009, 8:53:49 AM8/23/09
to

'It's been known for 25 years...'. Yes, but is it old news that a
virus is CURRENTLY inside of some Delphi compilers?

--
Robert Novak:

Marco van de Voort

unread,
Aug 23, 2009, 9:04:27 AM8/23/09
to
On 2009-08-23, anonymous <an...@domain.invalid> wrote:
>> only read the famous 1984 paper, "Reflections on Trusting Trust" by the
>> also-famous Ken Thompson. It's been known for 25 years that a suborned
>> compiler can infect what it compiles - Ken even provided proof-of-concept
>> code.
>
> 'It's been known for 25 years...'. Yes, but is it old news that a
> virus is CURRENTLY inside of some Delphi compilers?

... and in the wild.

sengsational

unread,
Aug 23, 2009, 11:04:06 AM8/23/09
to
On Aug 22, 7:57 pm, anonymous <a...@domain.invalid> wrote:
> Security experts seem more intrigued than alarmed over a
> newly-discovered virus that inserts itself into a Delphi compiler, and
> replicates itself in every program compiled.
>
> http://www.wired.com/threatlevel/2009/08/induc/

I expected this forum to be abuzz with Delphi developers comparing
notes on the date of their first compile with the virus. Those with
the earliest infections would have a chance to see where this came
from (I suspect maybe a Delphi productivity tool).

Is there a place where Delphi developers hang-out and talk geek stuff?

--Dale--

nemo_outis

unread,
Aug 23, 2009, 1:33:39 PM8/23/09
to
anonymous <an...@domain.invalid> wrote in
news:h6re4i$nbd$1...@news.mixmin.net:


Only 25 years from vulnerability exposure to a real world exploit? Wow,
what blinding speed! Kinda takes your breath away. Truly those "evil
hackers" are cutting-edge devils.

So vulnerabilty announcements are followed by exploits - whodda thunk it?
You may as well make an trumpeting announcement for every virus in
Norton's and Mcafee's databases.

Moreover, besides the non-newsness of it all, my post was specifically
addressed as to why neither "security experts" nor I were surprised -
it's just another run-of-the-mill exploit of a long-known vulnerability.
Script-kiddie stuff.

Yawn!

Chris Burrows

unread,
Aug 23, 2009, 7:04:01 PM8/23/09
to
"sengsational" <DRS.U...@sengsational.com> wrote in message
news:0d0ce912-8f75-4adf...@r33g2000vbp.googlegroups.com...

> I expected this forum

Which forum? The original post went to several.

> to be abuzz with Delphi developers comparing
> notes on the date of their first compile with the virus. Those with
> the earliest infections would have a chance to see where this came
> from (I suspect maybe a Delphi productivity tool).

Is there a place where Delphi developers hang-out and talk geek stuff?

There have been at least four separate discussions on this topic under way
for the last week in the Delphi non-tech forum:

https://forums.codegear.com/forum.jspa?forumID=67

--
Chris Burrows
CFB Software
Armaide v2.1: ARM Oberon-07 Development System
http://www.armaide.com

Marco van de Voort

unread,
Aug 24, 2009, 1:24:01 AM8/24/09
to
On 2009-08-23, nemo_outis <a...@xyz.com> wrote:
>
> Only 25 years from vulnerability exposure to a real world exploit? Wow,
> what blinding speed! Kinda takes your breath away. Truly those "evil
> hackers" are cutting-edge devils.
>
> So vulnerabilty announcements are followed by exploits - whodda thunk it?
> You may as well make an trumpeting announcement for every virus in
> Norton's and Mcafee's databases.
>
> Moreover, besides the non-newsness of it all, my post was specifically
> addressed as to why neither "security experts" nor I were surprised -
> it's just another run-of-the-mill exploit of a long-known vulnerability.
> Script-kiddie stuff.

Strictly speaking, it infects the precompiled libraries, not the compiler
itself, so isn't the same as e.g. the Richie post.

nemo_outis

unread,
Aug 24, 2009, 10:49:55 AM8/24/09
to
Marco van de Voort <mar...@stack.nl> wrote in
news:slrnh948vh....@turtle.stack.nl:


A distinction without a difference.

Yawn!

Marco van de Voort

unread,
Aug 24, 2009, 11:50:34 AM8/24/09
to
On 2009-08-24, nemo_outis <a...@xyz.com> wrote:
>>> Moreover, besides the non-newsness of it all, my post was
>>> specifically addressed as to why neither "security experts" nor I
>>> were surprised - it's just another run-of-the-mill exploit of a
>>> long-known vulnerability. Script-kiddie stuff.
>>
>> Strictly speaking, it infects the precompiled libraries, not the
>> compiler itself, so isn't the same as e.g. the Richie post.
>
> A distinction without a difference.

Please read the original article. It is about bootstrapping compilers, Unix
style, and a totally different topic.

The only real connection is that both somewhere are remotely connected to
compilers.

> Yawn!

Sigh!

0 new messages