ESET uncovers AutoCAD worm

Malware caught stealing AutoCAD files and mailing them to China

ACAD/Medre.A appears to have been designed to steal AutoCAD files.

Security company ESET says that it has detected malware that has been stealing AutoCAD computer-aided design files.

The 'ACAD/Medre.A' worm appears to have been distributed disguised within AutoCAD files. Once on a machine, it attempted to steal AutoCAD files and mail them to several email accounts in China.

The worm primarily infected computers in Peru, and a few other Latin American companies, and ESET believes the attack was an attempt to steal files related to public services in Peru.

ESET says that it has worked with Chinese ISP Tencent, the Chinese National Computer Virus Emergency Response Center and Autodesk to block the email accounts that were harvesting stolen data. It has also released a free stand-alone cleaner, available at ESET.com.

ESET senior research fellow Righard Zwienenberg commented: "After some configuration, ACAD/Medre.A sends opened AutoCAD drawings by e-mail to a recipient with an e-mail account at the Chinese 163.com internet provider. It will try to do this using 22 other accounts at 163.com and 21 accounts at qq.com, another Chinese internet provider.

"ACAD/Medre.A represents a serious case of suspected industrial espionage. Every new design is sent automatically to the operator of this malware. Needless to say this can cost the legitimate owner of the intellectual property a lot of money as the cybercriminals have access to the designs even before they go into production. They may even have the guts to apply for patents on the product before the inventor has registered it at the patent office," added Zwienenberg.

"If there is one thing that becomes obvious from this piece of malware engaging in suspected industrial espionage, it is that reaching out to other parties to prevent further damage really works. Without the assistance of Autodesk, Tencent and the Chinese National Computer Virus Emergency Response Center, which helped ESET in the taking down of dropsites and delivery chains, it would have been relatively easy only to clean already affected systems, but systems that would not be cleaned could have continued to be leaking their designs," says ESET chief research officer Juraj Malcho.
