Newly Detected AutoCAD Worm Sending Designs and Blueprints to China

  • Researchers have discovered the presence of a worm now known as “ACAD/Medre.A” which is designed to steal AutoCAD documents such as designs and blueprints and send them to email addresses in China.
  • While the worm has been centered mainly in Peru and neighboring countries, it is not restricted there.
  • Written in AutoLISP, AutoCAD’s scripting language, this worm has been spread through infected AutoCAD templates.
  • “After some configuration, ACAD/Medre.A will begin sending the different AutoCAD drawings that are opened by e-mail to a recipient with an e-mail account at the Chinese 163.com Internet provider,” wrote Righard Zwienenberg of Eset in an analysis of the worm’s activity.
  • “I don’t think it’s an APT. It’s kind of an uncontrolled attack,” suggests Dimitry Bestuzhev, head of Global Research and Analysis for Kaspersky in Latin America. “It’s hard to say who the target is, and it doesn’t seem to be government sponsored.”
  • “When it’s a targeted attack, they try to limit the propagation to machines they care about, and that’s not the case with this,” he adds.

No Comments Yet

You can be the first to comment!

Leave a comment

You must be logged in to post a comment.