On Sat, 22 Aug 2009 20:22:14 +0200 (CEST) Michael Van Canneyt <mich...@freepascal.org> wrote:
> > > On Sat, 22 Aug 2009, Mattias Gaertner wrote: > > > On Sat, 22 Aug 2009 19:50:40 +0200 > > Marc Santhoff <m.santh...@web.de> wrote: > > > >> Am Freitag, den 21.08.2009, 11:08 +1000 schrieb Bruce Tulloch: > >>> Some more information on this... > >>> > >>> Its propgation mode is that it changes sysconst.dcu, and any app > >>> compiled and subsequently run on a machine which has delphi > >>> installed has its sysconst.dcu infected. Fixing is easy, as your > >>> original sysconst.dcu is renamed sysconst.bak, so you just switch > >>> it back and make the directory non-writable. > >>> > >>> Details at: > >>> > >>> http://www.symantec.com/security_response/writeup.jsp?docid=2009-081816-3934-99 > >>> > >>> Cheers, Bruce. > >>> > >>> PS: of course it does not affect Lazarus :-) > >>> > >>> waldo kitty wrote: > >>>> Martin wrote: > >>>>> Just something I found: > >>>>> > >>>>> http://www.h-online.com/security/Virus-infects-development-environment--/news/114031 > >> > >> In all those decriptions I miss the information on how the > >> manipulated sysconst.dcu has entered the system. There has to be > >> some transporting mechanism still undetected. > >> > >> Does anybody know how the infection works? > > > > It was explained on a german site: > > http://www.heise.de/newsticker/Virus-infiziert-Entwicklungsumgebung-Update--/meldung/143679 > > > > Basically it works like this: > > If you got infected all your created programs contain the virus. > > Namely the programmers of Free 2.41 und Tidy Favorites 4.1 had the > > virus. You as user download and execute the exe and the virus > > changes the sysconst.dcu. Apparently the file must be writable by > > the user and fit the Delphi version. > > As I understood it, it modified the .pas file, and placed the > modified file in the LIB directory (where the .dcu is located), thus > causing the file to be recompiled and included every time one > compiles a program. The Delphi version was irrelevant. Where do got that from? > > Does the lazarus windows installer install writable ppus? > > AFAIK, it must, otherwise Lazarus cannot be recompiled ? ? Since years lazarus checks if the directory is writable and if not uses its config directory \bin as output directory. > In each case, if it works on the source level, there is nothing to be > done. > > Clever trick, however you look at it :-) If you try that with fpc you get: PPU Loading /usr/lib/fpc/2.3.1/units/i386-linux/rtl/sysutils.ppu Recompiling sysutils, checksum changed for sysconst Fatal: Can't find unit sysutils used by Classes Mattias -- _______________________________________________ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus