Search
Homepage Rankings and Research Companies Channelcast Marketing Matters CRNtv Events WOTC Cisco Partner Summit Digital 2020 NetApp Digital Newsroom HPE Zone The Business Continuity Center Enterprise Tech Provider Masergy Zenith Partner Program Newsroom HP Reinvent Digital Newsroom Hitachi Vantara Digital Newsroom IBM Newsroom Juniper Newsroom Intel Partner Connect 2021 Avaya Newsroom Experiences That Matter The IoT Integrator Intel Tech Provider Zone NetApp Data Fabric WatchGuard Digital Newsroom

Eset Reveals New Worm Targeting AutoCAD Drawings

ACAD/Medre.A primarily targets Latin America and sends drawings to email addresses in China.

"This infection takes a shotgun approach, stealing basically everything it can find," said Pierre-Marc Bureau, Security Intelligence Program Manager at Eset. “This makes it much more difficult to know exactly what the controllers are targeting, but anyone doing business with a national government likely has access to high-value information.”

Known as ACAD/Medre.A, the worm emails opened AutoCAD drawings to one of more than 40 email accounts at two Chinese ISPs: 163.com and qq.com.

[Related: Eset Rebrands and Updates Security Offerings ]

The malware is downloaded as a hidden file named acad.fas, usually accompanying an AutoCAD .dwg file. Once the drawing is open, the worm tries to copy itself to several locations and issues commands designed to ensure that it will be executed whenever an AutoCAD drawing of any kind is opened on the infected system.

Bureau added that the Chinese ISPs in question acted quickly to begin blocking messages to the email addresses that served as the drop-off point. However, AutoCAD users are still being urged to run searches for tell-tale signs of ACAD/Medre.A.

Eset, which has been investigating the worm since it was first discovered in February, has created a free removal tool, though Eset customers can remove the malware through the company’s online scanner. In addition to detection via scanner, the presence of files named "acad.fas" and "cad.fas" in the same directory as the .dwg drawings is viewed as an indicator of the infection -- particularly if the files are marked as "hidden."

The investigation was accelerated over the last two months when the company noticed a dramatic uptick in the number of infections.

Back to Top

Video

     

    trending stories

    sponsored resources