Security provider ESET has uncovered a worm that targets drawings created in AutoCAD, the computer-aided design (CAD) software.
Recently the worm, ACAD/Medre.A, showed a big spike in Peru on ESET’s LiveGrid (a cloud-based malware collection system utilising data from ESET users worldwide).
Its research shows the worm steals files and sends them to email accounts in China. ESET has worked with Chinese ISP Tencent, the Chinese National Computer Virus Emergency Response Centre and Autodesk, the creator of AutoCAD, to stop the transmission of these files.
Tens of thousands of AutoCAD drawings, primarily from users in Peru, were leaking at the time of the discovery.
“After some configuration, ACAD/Medre.A sends opened AutoCAD drawings by e-mail to a recipient with an e-mail account at the Chinese 163.com internet provider. It will try to do this using 22 other accounts at 163.com and 21 accounts at qq.com, another Chinese internet provider,” said Righard Zwienenberg, senior researcher, ESET.
“ACAD/Medre.A represents a serious case of suspected industrial espionage. Every new design is sent automatically to the operator of this malware.
“Needless to say this can cost the legitimate owner of the property a lot of money as the cybercriminals have access to the designs even before they go into production. They may even have the guts to apply for patents on the product before the inventor has registered it at the patent office.”
ESET has made a free stand-alone cleaner available for public use. After discovering the threat, the company contacted Tencent (the owner of the qq.com domain) and Autodesk, and they blocked the accounts used for sending the e-mails with the drawings.
ESET research teams around the globe have seen a number of infections in other Latin American countries along with Peru.
The high number of infections in Peru might mean that malware disguised as AutoCAD files has been distributed to companies that had business with public services in Peru. ESET is in contact with the local authorities to take down the affected website.