ESET, the leader in proactive protection celebrating 25 years of its technology this year, has uncovered a worm that targets drawings created in AutoCAD software for computer-aided design (CAD). Recently the worm, ACAD/Medre.A, showed a big spike in Peru on ESET’s LiveGrid® (a cloud-based malware collection system utilizing data from ESET users worldwide).
ESET’s research shows that the worm steals files and sends them to email accounts located in China. ESET has worked with Chinese ISP Tencent, the Chinese National Computer Virus Emergency Response Center and Autodesk, the creator of AutoCAD, to stop the transmission of these files. ESET confirms that tens of thousands of AutoCAD drawings, primarily from users in Peru, were leaked at the time of the discovery. ESET has made a free stand-alone cleaner available at ESET.com.
“After some configuration, ACAD/Medre.A sends opened AutoCAD drawings by e-mail to a recipient with an e-mail account at the Chinese 163.com internet provider. It will try to do this using 22 other accounts at 163.com and 21 accounts at qq.com, another Chinese internet provider,” says ESET Senior Research Fellow Righard Zwienenberg.
“ACAD/Medre.A represents a serious case of suspected industrial espionage. Every new design is sent automatically to the operator of this malware. Needless to say, this can cost the legitimate owner of the intellectual property a lot of money, as the cybercriminals have access to the designs even before they go into production. They may even have the guts to apply for patents on the product before the inventor has registered it at the patent office,” adds Zwienenberg.