June 27, 2012

AutoCAD worm sends drawings to China

Thousands of drawings were sent via email from a large project in Peru before the attack was identified and stopped.

Internet security firm ESET recently detected a spike in activity from a known AutoCAD worm. ACAD/Medre.A was found to be sending thousands of drawings from a large project in Peru. The security holes which allowed the worm to operate have been closed, but the threat remains that other projects could be compromised.

ESET says the original infection was traced to an AutoCAD template originally sent to public agencies in Peru. The worm can infect AutoCAD versions 14.0 through 19.2. Written in AutoLISP, ACAD/Medre.A modifies the startup file for AutoLISP and then reconfigures in order to open the host email account and send drawings to specific Chinese accounts.

According to ESET, “we can derive the scale of the attack and conclude that tens of thousands of AutoCAD drawings leaked.” ESET contacted Autodesk and Tencent, the owner of the Internet domain on the receiving end of the worm’s emails, and the three coordinated their efforts to stop the attack. ESET also reached out to CVERC, the Chinese National Computer Virus Emergency Response Center, which also responded quickly.

ESET has published a free white paper describing the incident and, in cooperation with Autodesk, has released a free stand-alone cleaner. The utility can be found here.

About the Author:

Randall S. Newton is Managing Editor of GraphicSpeak. He has been writing about engineering and design technologies for more than 25 years.

1 Comment on "AutoCAD worm sends drawings to China"

  1. joey says:

    OUCH !!

    This is why we don't have production machines on the internet.

    God knows what happens when it hits the cloud. Probably more of this will happen.