Saturday October 25, 2014

AutoCAD worm stealing DWG files

From threatpost.com:

Security researchers have come across a new worm that is meant specifically to steal blueprints, design documents and other files created with the AutoCAD software. The worm, known as ACAD/Medre.A, is spreading through infected AutoCAD templates and is sending tens of thousands of stolen documents to email addresses in China. However, experts say that the worm’s infection rates are dropping at this point and it doesn’t seem to be part of a targeted attack campaign.

Before you start panicking, you should know that most incidences of this worm have been found in Peru.

I’ve heard about at least one AutoCAD worm in the past. It was a clumsy thing, not written by a serious black-hat. This one was written in AutoLISP, with its functions written with Visual Basic scripts. It seems to be intended as industrial espionage.

You can read more about this worm in Righard Zwienenberg’s ESET threat blog entry, and get technical details at Robert Lipovsky’s entry. ESET has made a free stand-alone cleaner, which you may download here.