Worm Steals AutoCAD-created Files in Probable Surveillance Attack
Investigators at security company ESET have detected a malicious worm that targets AutoCAD drawings, possibly to carry out large-scale industrial espionage, it's reported.
AutoCAD is a PC program for creating two- and three-dimensional computer-aided designs and drafts. The campaign is chiefly circulating in Peru, with no fewer than 10,000 systems infected, a rather large count considering the manner in which the worm behaves.
According to the security company, a small number of infections by the worm, named ACAD/Medre.A, have shown up in other nations; however, apart from China, these are countries that either have large Spanish-speaking populations or are physically close to Peru.
Righard Zwienenberg, Senior Research Fellow at ESET, explains that Medre.A sends AutoCAD drawings that are already open via e-mail to a recipient with an account hosted by the 163.com ISP in China. It attempts to do the same with 21 accounts hosted by another Chinese ISP, qq.com, in addition to 22 accounts hosted by 163.com, he says. Theregister.co.uk published this on June 21, 2012.
Zwienenberg further says that ACAD/Medre.A amounts to serious industrial espionage, since it automatically sends every new design to the malware's operator. Consequently, the legitimate owner of the intellectual property (IP) bears heavy costs, as the crooks get to see designs that have not yet gone into production, the researcher adds.
Moreover, Pierre-Marc Bureau, malware researcher with ESET, remarks that his organization doesn't have sufficient clues regarding the specific industries the worm is targeting. Since AutoCAD is used to prepare any type of design file, the thefts can have an enormous impact. For instance, if a skyscraper blueprint that a firm has created is stolen, it can be used to submit a lower bid, causing large potential losses for that enterprise, the researcher elaborates. Darkreading.com published this on June 21, 2012.
And as the design documents are quietly transferred to China-based e-mail accounts, the hackers manage to keep their nationality hidden. The Chinese National Computer Virus Emergency Response Center, together with Tencent, the firm running one of the two Internet sites hosting the e-mail accounts, actively joined ESET in its investigation so that the said e-mail accounts could be blocked.
» SPAMfighter News - 29-06-2012