Induc Virus Turns Delphi Compiler into Attack Tool
A new virus - in the true sense of the word - targets the Delphi compiler, causing any applications compiled with it to be infected as well. Ironically, infections have already been spotted in variants of the Banker trojan family, an indication that those malware distributors are themselves infected with the virus.
ScanSafe detects the malware as Virus:Win32.Induc.A and so far has seen a few hundred encounters with this virus via the Web since its initial discovery on the 18th. Domains observed hosting the new Win32.Induc.A virus include:
To avoid distributing the infection to others, SANS is recommending that Delphi developers check their Delphi compiler Lib folder for a file named SysConst.bak. If it exists, rename the file to SysConst.dcu, then recompile any applications.
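The check above can be run across one or more Delphi install roots with a short script. This is an added example, not part of the original post or of the SANS guidance; the function names, the `--fix` flag and the step of moving an existing SysConst.dcu aside before the rename are assumptions of the example.

```python
import os
import shutil
import sys
import tempfile


def find_markers(roots):
    """Return one record per folder named Lib that contains SysConst.bak."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            if os.path.basename(dirpath).lower() != "lib":
                continue
            names = {f.lower(): f for f in files}  # Windows names are case-insensitive
            if "sysconst.bak" in names:
                dcu = names.get("sysconst.dcu")
                hits.append({
                    "lib": dirpath,
                    "bak": os.path.join(dirpath, names["sysconst.bak"]),
                    "dcu": os.path.join(dirpath, dcu) if dcu else None,
                })
    return hits


def restore(hit, quarantine_root):
    """Rename SysConst.bak to SysConst.dcu, as the article advises.

    Assumption (not from the article): a SysConst.dcu already in the folder
    is moved to a quarantine folder first, since the rename would otherwise
    collide with it, and so the file stays available for analysis.
    """
    if hit["dcu"]:
        os.makedirs(quarantine_root, exist_ok=True)
        slot = tempfile.mkdtemp(prefix="induc_", dir=quarantine_root)
        shutil.move(hit["dcu"], os.path.join(slot, "SysConst.dcu.suspect"))
    target = os.path.join(hit["lib"], "SysConst.dcu")
    os.rename(hit["bak"], target)
    return target


if __name__ == "__main__":
    # Usage: script.py [--fix] <Delphi install root> [...]; report-only by default.
    fix = "--fix" in sys.argv[1:]
    roots = [a for a in sys.argv[1:] if a != "--fix"]
    found = find_markers(roots)
    for hit in found:
        print("SysConst.bak present:", hit["bak"])
        if fix:
            print("  restored:", restore(hit, os.path.join(hit["lib"], "_quarantine")))
    sys.exit(1 if found else 0)
```

A non-zero exit status means at least one Lib folder held SysConst.bak, so applications built with that compiler need to be recompiled after the restore.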

Mary Landesman