It appears you have not yet registered with our community. To register please click here...

Go Back [M] > Madshrimps > WebNews
New worm steals Autocad files New worm steals Autocad files
FAQ Members List Calendar Search Today's Posts Mark Forums Read

New worm steals Autocad files
Thread Tools
Old 27th June 2012, 08:47   #1
[M] Reviewer
Stefan Mileschin's Avatar
Join Date: May 2010
Location: Romania
Posts: 139,739
Stefan Mileschin Freshly Registered
Default New worm steals Autocad files

Insecurity experts have found a worm which is designed to steal blueprints, design documents and other files created with the AutoCAD.

Righard Zwienenberg of Eset dubbed the worm, ACAD/Medre.A and has spotted it preading through infected AutoCAD templates.

Talking to Wired, he said that the blueprints are being mailed to email addresses in China.

Zwienenberg said that the worm's infection rates are dropping at this point and it did not seem to be part of a targeted attack upon a company.

It first appeared six months ago and seemed to be jolly interested in machines in Peru, perhaps looking for the mythical home for retired bear's long lost marmalade factory.

ACAD/Medre.A was written in AutoLISP, a specialized version of the LISP scripting language that's used in AutoCAD.

The attackers used specific URLs to spread the infected template to targets.

Zwienenberg said that the attack vector was to hit the company and all those who did business with it. So the malware would mostly show up in Peru and neighbouring countries.

The worm modifies the startup file for AutoLISP and then goes through some configuration routines.

ACAD/Medre.A begins sending the different AutoCAD drawings that are opened by e-mail to a recipient with an e-mail account at the Chinese internet provider.

It will use 22 accounts at and 21 accounts at, another Chinese internet provider.

It accesses and with the different account credentials. Zwienenberg wrote that you should never allow port 25 to do anything other than contact your ISP and this should be blocked.

Kaspersky Labs said the software was an uncontrolled attack and it was hard to say who the target is, and it doesn't seem to be government sponsored. Victims also appear to have happened worldwide.
Stefan Mileschin is offline   Reply With Quote

Similar Threads
Thread Thread Starter Forum Replies Last Post
Final Cut Pro, Photoshop, Aperture, AutoCAD and more score Retina Display support Stefan Mileschin WebNews 0 12th June 2012 07:48
LinkedIn hacker steals 1.5m passwords from dating site eHarmony Stefan Mileschin WebNews 0 8th June 2012 07:49
Man Steals NY Federal Reserve Bank Source Code Stefan Mileschin WebNews 0 20th January 2012 09:43
Very slow opening Excel files? Speed Up Excel 2007 Opening Files from Network jmke WebNews 0 13th February 2009 16:10
Vista's so bad no one steals it jmke WebNews 19 12th June 2008 15:31
Nvidia steals ATI's mobile thunder jmke WebNews 0 18th December 2006 19:08
Google kills Santy worm jmke WebNews 0 22nd December 2004 10:19
worm virus !!! Gamer Hardware/Software Problems, Bugs 14 13th August 2003 20:36
AutoCad 14 probleem DyNaRaX Hardware/Software Problems, Bugs 2 2nd April 2003 11:12

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

All times are GMT +1. The time now is 10:13.

Powered by vBulletin® - Copyright ©2000 - 2023, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO