Rare AutoCAD malware rigs drafting machines for follow-up attacks

Security researchers have discovered a rare strain of AutoCAD malware that opens up compromised machines to secondary exploits. ACM/SHENZ-A poses as a legitimate component of AutoCAD software for computer-aided design (CAD). But analysis by security researchers at Trend Micro has revealed that the malicious file opens up …

COMMENTS

This topic is closed for new posts.
  1. Brad Ackerman
    Boffin

    The only surprise here is that the malware authors bothered to learn LISP; they must feel a need to diversify their product lines. (Or perhaps it's a targeted attack?)

    1. Anonymous Coward
      Anonymous Coward

      The popularity of Clojure probably helped publicise LISP amongst the youth of today.

  2. All names Taken
    Paris Hilton

    On the other hand it seems a particularly well targeted attack possibly demonstrating the intention of the hackers' brief?

  3. Anonymous Coward
    Anonymous Coward

    State sponsored (where's a black helicopter icon when you need one?)

    If I was a state actor, or a serious industrial espionage outfit, it would be very sensible to target software packages that are dominant in narrow markets. The fact that AutoCAD files might also contain jolly juicy info about new designs and technology is very enticing.

    By the same logic, Siemens' SCADA stuff for industrial process automation would be exciting. Oh, wait.

    Of course, it depends on the market domain of the software. I'm told that InDesign replaced QuarkXPress as the leading professional magazine layout application, but presumably the Chinese/Americans/Russians don't feel the need to know what's in next month's issue of People magazine.

  4. John Smith 19 Gold badge
    Unhappy

    I still find it quite bonkers that AutoCAD uses LISP

    And props to a malware developer learning it.

    Clearly more a quality (of target) rather than a quantity person.

    Clearly someone to be found and watched.

    1. Anonymous Coward
      Anonymous Coward

      Re: I still find it quite bonkers that AutoCAD uses LISP

      Allow me please: http://www.fourmilab.ch/autofile/www/chapter2_35.html

      1. John Smith 19 Gold badge
        Happy

        Re: I still find it quite bonkers that AutoCAD uses LISP

        "Allow me please: http://www.fourmilab.ch/autofile/www/chapter2_35.html"

        So did any of the other language interfaces appear?

        I think people misunderstood my original comment.

        LISP has a reputation of being tricky to implement well (mostly on the garbage collection side) so it's a tough target to implement and (perceived to be) an odd choice for what is likely to be a pretty compute heavy application.

        It's a real "left field" choice.

        And I quite like that.

  5. xj25vm

    Does it require admin privileges for initial infection?

    See title. I couldn't work out from the article if the .FAS file can still infect a machine even if it is opened by a user with restricted privileges.

  6. codeusirae
    Facepalm

    2008 wants their autocad virus back ..

    OK, someone sends you an AutoCAD file containing an autorun macro, which if opened, tries to create an admin account under Windows. Does this malware work if you don't already have admin rights?

    "AutoCAD software has long included an option to warn you when opening a drawing or project file that includes embedded macros. From that warning dialog box, you can disable the macros before they are able to execute."

    http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112&id=12903754&linkID=9240617

    1. Richard 12 Silver badge

      Re: 2008 wants their autocad virus back ..

      But some people are idiots some of the time.

      And all it takes is for one drafter to click the "Yes, go ahead" button and the entire company is compromised, because that drafter will probably have access to all the company's drawings.

      Yet another reason why AutoCAD is damaging.

      I see so many projects late and over budget due to AutoCAD - it doesn't help you avoid stupid mistakes, and actively causes errors in many cases because it isn't capable of solid modelling.

      Drafting packages like AutoCAD are pointless, and have been for more than a decade. Get an actual design package!

      1. Measurer

        Re: 2008 wants their autocad virus back ..

        Totally agree, 2D drafting packages should die rather than become the bloated 'jack of all trades, crap at all trades' shite they are now (and AutoCAD is the worst). Unfortunately, it's often the LISP drivers of AutoCAD which are the CAD package decision makers in Engineering and Design companies. In 20 years of electrical design, I have only ever used vanilla AutoCAD (without elec. design addons) or similar to produce drawings, even though the discipline maps itself to a database driven model fantastically well (see Zuken E3).

    2. phuzz Silver badge

      Re: 2008 wants their autocad virus back ..

      It would be interesting to know what the malware was pretending to be. Presumably an addon so useful that end users were happy to click on it, rather than listening to their IT policies.
