The F-Secure blog has details of a Malware variant that they’ve found that solely targets installed Delphi versions 4 -7. F-Secure currently detect this as: Virus.Win32.Induc.a. The malware saves a clean copy of SysConsts.dcu and then adds a call to its own init function at the entrypoint of the SysConsts.dcu library. The malware is rather limited in its viability because it seems to be limited to infecting Delphi Versions 4-7 and the code that it inserts into SysConsts.dcu apparently seems to do little more than reinfecting Delphi with itself so it’s not potentially that damaging.
I would probably describe it more as a nuisance than malicious because of it’s limited payload but worth keeping an eye on. I wonder about the motives of it’s author.
For full details see the F-Secure blog post titled 0wn1ng Delphi.
Now to me, if you’re still using Delphi versions 4-7 then you can now promptly rush into your Boss’s office and use that magic word: “security” as an excuse to get approved budget to upgrade yourself to the upcoming Delphi 2010, which looks to contain a whole bunch of fantastic features and upgrades.
[Update: Apparently the problem was initially discovered by the Russian programmer who runs the Russian Language Gunsmoker blog.]
I am a Delphi Developer, .NET and Web Developer and General Geek. I am an enthusiastic advocate of hobbyist development and in particular tools which allow for hobbyist development. Please have a good look around and enjoy anything that you find useful on this site. 
FYI:
Indeed, virus was discovered (found) by russian programmer “Gun Smoker” http://gunsmoker.blogspot.com/
Not F-Secure team has found that virus. Please, show respect for people made hard work.
@Aleksey – Apologies to whomever is behind the Gun Smoker blog, I did not intentionally snub the people who worked hard to identify and document the malware. Instead I simply didn’t realise who had originally discovered it as the F-Secure blog entry was not explicit on the matter and the original Gun Smoker post linked to was in Russian.
Thank you for you response.
That’s ok, i suppose. I wrote this comment, just because your post if first post about this virus in DelphiFeeds (in russian-speaking Delphi communities, this virus is known and discussed for last 7 days), so I’d like to ensure, that the whole story was told correctly.
Here’s more details:
There’s a poll on the left side of Gunsmoker’s blog, that shows, that nearly 40% of russian-speaking programmers have found that virus. (mostly because of using popular russian IM client Qip and Aimp, in which the virus was identified first). Not sure, that in other communities virus is spread as much. But there are some third-party components and libraries that can contain that “virus”.
F-secure blog, just mentioned that source, giving the link to Gunsmoker’s blog, without specifying his job.
Btw, you can use Google.Tranlsate to translate russian blogs. Here is the link: http://translate.google.com/translate?prev=hp&hl=en&js=y&u=http://gunsmoker.blogspot.com/2009/08/delphi-delphi.html&sl=ru&tl=en
I think “the motives of it’s author” its not big deal at all.
Lets imagine… a -”bad”- junior programmer working in some company could easily write that -ugly- code to infect the machines of his coworkers and drop in other machines (company clients, for example) some trojan (in a modified version of the posted code). What about a “botnet” or stuff like that? Lamers love that stuff to call themselves “hackers”… its just more of that big old discussion.
That may explain the appearance of this “malware”, and i think there are also other childish reasons that it’s author could have.
Anyway, the important thing is that there is no reason to panic at all, but we should pay attention that this kind of stuff can happen, even in the company you work.
Delphi seems to be a good tool for hackers too, anyone remember hacker defender? It started off a “Hardware Driver” project, that turned into a rootkit tool to take over PC’s. I guess they needed some income to support there project.
GSA has developed a freeware tool that could remove the Win32/Induc.A virus completely from executables and let you start them again without your anti virus complaining about it.
I had the same problem too but the symptoms were different