AutoCAD worm stealing DWG files



Security researchers have come across a new worm that is meant specifically to steal blueprints, design documents and other files created with the AutoCAD software. The worm, known as ACAD/Medre.A, is spreading through infected AutoCAD templates and is sending tens of thousands of stolen documents to email addresses in China. However, experts say that the worm’s infection rates are dropping at this point and it doesn’t seem to be part of a targeted attack campaign.

Before you start panicking, you should know that most incidences of this worm have been found in Peru.

I’ve  heard about at least one AutoCAD worm in the past. It was a clumsy thing, not written by a serious black-hat.  This one was written in AutoLISP, with its functions wrtten with VisualBasic scripts. It seems to be intended as industrial espionage.

You can read more about this worm in Richard Zwienenberg’s ESET threat blog entry, and get technical details at Robert Lipovsky’s entry.  ESET has made a free stand-alone cleaner, which you may download here.



3 Comments on “AutoCAD worm stealing DWG files

  1.  I understand AutoCAD is still very popular and all, but I just can’t resist to make a pun: “Who sent this worm on a time machine, to the present?”

  2. It was sent by Autodesk to make it seem like ACAD is still important…

  3. Pingback: Hva får en om en kombinerer Piratebay, tekniske tegninger og 3D-printere? |

Leave a Reply