AutoCAD Worm Medre.A Stealing Designs, Blueprints

Trailrunner7 writes, quoting Threat Post: "Security researchers have come across a worm that is meant specifically to steal blueprints, design documents and other files created with the AutoCAD software. The worm, known as ACAD/Medre.A, is spreading through infected AutoCAD templates and is sending tens of thousands of stolen documents to email addresses in China. However, experts say that the worm's infection rates are dropping at this point and it doesn't seem to be part of a targeted attack campaign. ... [They] discovered that not only was the worm highly customized and well-constructed, it seemed to be targeting mostly machines in Peru for some reason. ... They found that ACAD/Medre.A was written in AutoLISP, a specialized version of the LISP scripting language that's used in AutoCAD."

I vote we call it Bawney Fwank

Because it's written in LISP.

also Autodesk software needs local admin to run ri

[Joe_Dragon]

also most Autodesk software needs local admin to run right or at least the older ver of it did.

can we stop calling it stealing

It's just sharing. Information wants to be free! Remember?

Re:can we stop calling it stealing

It's just sharing. Information wants to be free! Remember?

On slashdot, information wants to be free and there's no such thing as intellectual property when it's the RIAA or MPAA. When it's someone we like, then the group think is very, very different. Suddenly, artificial scarcity is fine, it's wrong to copy someone else's creation against their will.

Re:can we stop calling it stealing

[NEDHead]

The CADS. Have they no honour? (spelt this way 'cuz it looks better)

Re:can we stop calling it stealing

[betterunixthanunix]

The Chinese are just sampling these designs to decide whether or not to buy.

Re:can we stop calling it stealing

[bill_mcgonigle]

there might be some truth to that:

Last month, for example, the Peruvian Defense Ministry canceled a $114 million contract with a consortium that included U.S. defense manufacturer Northrop Grumman after a Chinese company convinced officials the project did not meet technical specifications.

Re:can we stop calling it stealing

OK, don't feed the trolls, but here goes anyway:

There's a bit of a difference: The AutoCAD drawings being stolen were (presumably) never meant to be released to the public. It could very well be theft, as in theft of trade-secret or such. Piracy never enters into it, as it's not a publicly-sold copyrighted work.

You generally don't walk up to a engineering firm and ask to browse their drawings catalog and then offer to buy one. If you somehow did manage to buy a drawing, and if said drawing were copyrighted, and you then turned around and started selling copies of that drawing to others, then that would be piracy (and not theft).

Theft of corporate secrets is indeed theft, since the original owners no longer have the secrets. The "secrecy" part of it is forever gone, even if the drawings remain. The economic loss is easily much, much greater than the corresponding loss due to piracy, namely of one potential sale of a copyrighted work that's otherwise generally available.

Re:can we stop calling it stealing

[AK+Marc]

Trade Secrets are *not* copyrighted. Copyright law applies in some cases because the lawyers didn't know where else to put it, but copyright applies to published works, and Trade Secrets are not published works. There's a difference, but those looking to support their pet causes without regard to reality refuse to ever see it.

Re:can we stop calling it stealing

[Bodero]

On slashdot, information wants to be free and there's no such thing as intellectual property when it's the RIAA or MPAA.

Correct. There isn't a better example than the The Oatmeal saga.

Re:can we stop calling it stealing

[tsm_sf]

So... you're saying we prefer a scrappy entrepreneur over a bloated group of coked up media whores.

And we're supposed to feel bad about it. Do I have that right? We're supposed to feel bad?

Re:can we stop calling it stealing

[znrt]

if said drawing were copyrighted, and you then turned around and started selling copies of that drawing to others, then that would be piracy (and not theft).

From Wikipedia, the free encyclopedia:
"Piracy is an act of robbery or criminal violence at sea. "

the RIAA or MPAA have not only coluded your civil rights already, they aren't only a serious threat for your freedom of speech, they have already hijacked your language, thus effectively manipulating and screwing your thinking. sad.

Re:can we stop calling it stealing

[jaymemaurice]

The correct description of this is industrial espionage.

Re:can we stop calling it stealing

[DarkOx]

Because there is difference between independently duplicating published material and converting someone else's property for your use, getting their computer to publish materials to you in this case.

I and I expect many other Slashdot readers would argue the harm here is the using of a computer that does not belong to you to do something you have not been given permission to do. I also think exposing trade secrets and duplication copyrighted works need to be thought about differently. In the case of copyright infringement you are looking at stuff that has been make publicly available by the author; with trade secrets its a question of confidentiality and privacy.

Re:can we stop calling it stealing

if said drawing were copyrighted, and you then turned around and started selling copies of that drawing to others, then that would be piracy (and not theft).

From Wikipedia, the free encyclopedia: "Piracy is an act of robbery or criminal violence at sea. "

the RIAA or MPAA have not only coluded your civil rights already, they aren't only a serious threat for your freedom of speech, they have already hijacked your language, thus effectively manipulating and screwing your thinking. sad.

ok, that is very selective copying from Wikipedia, and it doesn't help our cause to become the fud side. Not only do Wikipedia have a list of what piracy also may refer to, including copyright infringement. But also tells you that the use of "piracy" in context of copyright infringement dates back to 1603 (a bit before RIAA/MPAA could "hijack the language") and has been a common term for this since, including in the 1886 Berne Convention.

Re:can we stop calling it stealing

[SuricouRaven]

I prefer to hijack their hijack.

Yarrr!

Re:can we stop calling it stealing

[MrHanky]

Are you sure about that? Under the Berne Convention, copyright is automatic, and is the original creator's exclusive right of copying. It shouldn't matter whether it's intended for publication or not.

Re:can we stop calling it stealing

[AK+Marc]

I don't live in Berne. We pass our own laws. If the government chose to agree to a convention, then not implement laws that uphold it, I'm not held to that convention. And, from what I can tell, protections start at "publication" (certainly the expiry times, as those take the longest dates). But the laws to mention Trade Secret separately. If they are copyrighted at creation, there is no such thing as a Trade Secret. And, at least in the US, copyright is to encourage publication, and Trade Secrets are not published, thus not under copyright. Even if the US agreed to some convention that states otherwise.

Re:can we stop calling it stealing

[MrHanky]

Thanks. But if you don't have a clue about copyright law, why state your inane bullshit as facts?

Re:can we stop calling it stealing

[AK+Marc]

Because you are commenting on international law or such that doesn't apply to me. I'm not "international" I'm a citizen of the USA, and bound by those laws. If the US laws do not recognize the distinction you make, then you are arguing about the number of cans of beans in my cupboard by looking in yours and declaring me wrong. And no, just because you have more or less than me doesn't mean that the number in my cupboard is wrong. Some treaty or convention that the US is theoretically bound to does not affect US law. The law must be passed by Congress, and agreements entered into by the government not codified into law make good toilet paper.

Re:can we stop calling it stealing

[drkstr1]

The AutoCAD drawings being stolen were (presumably) never meant to be released to the public

Pirated music was never made available to the public to download for free either.

I feel like there is a difference there. The act of "piracy" is one of taking something that was shared to you willingly (EG. a burnt CD from a friend), without paying a tithe to the owner of that "idea." Accessing someone's private information and taking it from them against their will seems much more morally reprehensible to me.

Re:can we stop calling it stealing

[MrHanky]

Yes, but you still don't know anything about copyright law, and the U.S. has in fact enacted the Berne Convention since 1989. You don't have to repeat all that to prove, once again, that you know nothing about U.S. copyright law. Idiot.

LISP is so great

[Alan+Shutko]

That it's finally expanded into the virus industry!

Re:LISP is so great

No... it has just become self aware, and is doing this on its own for reasons we cannot possibly comprehend.

Re:LISP is so great

[djl4570]

Will Lisp build itself into the devices it steals.

Re:LISP is so great

[Nimey]

P!

It is jsut so that they can re-create Peru

[Master+Moose]

Why else would they take their designs?

It makes cloning villages much eaier if you have the blue-prints.

I bet these guys http://idle.slashdot.org/story/12/06/22/0022251/china-pirates-austrian-village would have loved the blue-prints before they started

Re:It is jsut so that they can re-create Peru

[slashmydots]

I dunno about that. When I think Peru, I think advanced engineering in architecture and mechanics :-P And flutes. It's probably primarily used for flute design actually lol.

Re:It is jsut so that they can re-create Peru

[rtb61]

More likely that it is a fishing expedition and they really are after engineering documentation and technical drawings of a more secret kind. Building plans might have some useful bits to copy nut are likely to attract the kind of skills to create the worm. This could very well be just the first version. M$ windows and the applications running on top of it seem to have become the vector for wide ranging worms, viruses and trojans released by government espionage agencies running Linux ie they are safe screw everyone else. In wide ranging global fishing expeditions just to see what they can get, with no regard for unintended consequences. US lead the way into what is likely to cause M$ a lot of security based fiscal harm.

Easy to track down

[microbee]

Just arrest all LISP programmers and beat them up until they talk. There aren't many anyways.

Re:Easy to track down

[Charliemopps]

If you count all the custom versions of LISP out there used for scripting inside other applications I think you'd be rather surprised just how many LISP programmers there are. Half of them probably don't even know what they're writing in is based on LISP.

Re:Easy to track down

[betterunixthanunix]

There aren't many anyways

Clojure is becoming pretty popular these days, and there are plenty of not-so-trendy places where you see Scheme and Common Lisp being used. Also, do not forget that a certain widely used text editor is mostly written in Lisp, and that there are plenty of developers working on that editor.

Oh, yeah, and AutoCAD macros, but I am not sure how many people are writing those...

Re:Easy to track down

[dbIII]

Oh, yeah, and AutoCAD macros, but I am not sure how many people are writing those

It used to be a major selling point of AutoCAD and why I hated using the light version where repetive tasks couldn't be automated (I even imported data from spreadsheets and did decent graphs in CAD instead of the shit line graphs in MS Excel at the time). Then I just got used to not doing macros, and moved on to use other CAD that was not as shitty as AutoCAD LT. Now python has some DXF functions so you can do things to exported drawings as batch jobs or generate drawings from data without touching CAD at all.

Re:Easy to track down

[Cow+Jones]

Just arrest all LISP programmers and beat them up until they Smalltalk.

Re:Easy to track down

[fatphil]

It would never work - death would be preferable!

this would be a good time to send flawed data

[FudRucker]

use the email addresses to send flawed data to china so they end up trying to build impossible things like what is found in Escher's drawings

Re:also Autodesk software needs local admin to run

[Mashiki]

Well my copy of 2012 does, otherwise it won't work at all. I don't know if 2013 does. Maybe someone who's company has sprung for the new version can chime in. Nothing like "gaping ass wide security hole" to make your day is there? Err never mind...that could probably lead to a 13 year old joke.

The Law of Unexpected consequences

[Artifakt]

A brand new install of Autocad costs $3,995 and up. It produces files that have a distinctive extension, making them easy to identify and to tell from other types of documents without even having to examine internal code. Any file produced by a legal autocad install was made by somebody who paid serious money to be able to do so. Ergo, if someone can harvest a thousand Autocad files at random, a high proportion of them will be of valuable, useful stuff.

        Fighting warez sites distributing Autocad means, if the company is successful, a higher percentage of the documents made with it will be the valuable stuff. At 4K a legitimate copy, actually stopping a high percentage of 'pirates' means increasing the danger to your own legitimate users.

          If going through 10,000 autocad documents means finding, say, a dozen new patent filings and diagrams, two trade secret process designs for million dollar product lines, a few archetectural blueprint packages, and such, it becomes worth a government paying a programming team to write the software and putting three or four fulltime engineers and a few technicians on just evaluating those documents for the 'good' ones. If there were a thousand bootleg copies of the software for every legitimate one, that government might not bother to go through 10 million documents for about the same haul, as most of the bootleg copies won't be producing anything worth that much.

Re:The Law of Unexpected consequences

[trout007]

AutoCAD isn't used by too many serious mechanical engineers anymore. We have moved to parametric CAD like Solid Works, Pro/E, CATIA, ect. Structural Engineers use programs like STAAD that have tools for compiling with structural steel standards. I do know some people that still use AutoCAD for schematic work.

Re:The Law of Unexpected consequences

[mbkennel]

ah, that makes it so much more espionage proof.

Re:The Law of Unexpected consequences

[WCVanHorne]

Well in manufacturing you may be correct but in construction AutoDesk is still a top dog.

Re:The Law of Unexpected consequences

[AK+Marc]

That, and AutoCAD where I worked last where there was an official install (with the retail price you mention, many pirate), you'd have ended up with useless GIS data that's kept in AutoCAD because ESRI costs more, and every GIS document generated was public knowledge and available from the city. It was mostly telephone pole locations for a telecom.

Re:The Law of Unexpected consequences

[joe_frisch]

I'm a bit surprised that it is worth it though. The vast majority of autocad drawings are really boring - building layouts, miscellaneous machine parts etc. It would be very labor intensive to go through zillions of stolen drawings to try to figure out which ones were actually valuable.

OTOH, this could be a sort of demonstration run. Once they find out how to quietly steal drawings, they might be able to modify the code to look for specific drawings from specific companies or government sites. They might be helped here by government agencies who have a uniform drawing numbering and description system.

Re:The Law of Unexpected consequences

I'm in the construction field (architecture more specifically), and we left AutoCAD years ago for more advanced BIM software. And I'm in a part of the country that is somewhat behind our industry curve.

AutoCad is far from top dog. Compared to tools like Revit, it is just a dog. I'll never go back.

Re:The Law of Unexpected consequences

[flyingsquid]

If there were a thousand bootleg copies of the software for every legitimate one, that government might not bother to go through 10 million documents for about the same haul, as most of the bootleg copies won't be producing anything worth that much.

Wait, so the problem is that the Chinese are stealing people's blueprints, and your "solution" is to have people steal software? That's got to be the most twisted defense of piracy I've ever seen. I mean, if it's morally acceptable to take a piece of software that retails for $4000 without paying for it, then isn't it also morally acceptable for the Chinese to steal those blueprints? If it's okay to steal software, movies, and music because "information wants to be free" then its okay for the Chinese to, say, swipe the design for an American manufactured wind turbine because "information wants to be free". The whole argument that it's not really theft when you download an MP3 because you're not depriving them of an actual object would also apply to the manufacturer. The Chinese didn't actually take anything from them, all they did was rip off the design. It seems to me that either the creator has the right to control the distribution of the intellectual property or they don't.

Re:The Law of Unexpected consequences

[GigaplexNZ]

Well in manufacturing you may be correct but in construction AutoDesk is still a top dog.

AutoCad is far from top dog. Compared to tools like Revit, it is just a dog. I'll never go back.

Revit is made by Autodesk.

Re:The Law of Unexpected consequences

[K.+S.+Kyosuke]

Wait, so the problem is that the Chinese are stealing people's blueprints, and your "solution" is to have people steal software? That's got to be the most twisted defense of piracy I've ever seen. I mean, if it's morally acceptable to take a piece of software that retails for $4000 without paying for it, then isn't it also morally acceptable for the Chinese to steal those blueprints?

Actually, the first action is unlikely to significantly reduce Autodesk's revenues, however, the second action plus Chinese companies selling cheaper knock-offs of your stuff can put your engineering company out of business. So if you're pragmatic, yes, the GP is on to something here.

Re:The Law of Unexpected consequences

[cawpin]

While you are all correct, AutoCAD is no longer used by mechanical engineering nearly as much as it used to be, it is still widely used in other fields. Specifically, the electrical diagraming add-ons are very much still used for schematics. Plant floor plans are also a big part of it's use as 3D isn't a necessary part.

Re:The Law of Unexpected consequences

[Hillgiant]

I'm a bit surprised that it is worth it though. The vast majority of autocad drawings are really boring ... miscellaneous machine parts etc

Do you have ANY idea how much margin there is in spare parts? I have worked at several companies that lose money on the front end and make it up on scheduled maintenance. Hence our big customers are constantly badgering us for "detailed part drawings" of sub components. They can ask, and they can get politely refused. I.e. "You paid for the machine, you did not pay for the engineering that went into it. Otherwise the price would have been 2-3 orders of magnitude higher." or, somewhat less adroitly "No, we will not give you enough information to go to Ma&Pa machine shop down the street who will undercut us by 40%-60%"

Re:The Law of Unexpected consequences

[EnsilZah]

Gotta love Autodesk, they're so committed to customer choice they have like three competing products in each category.

Re:also Autodesk software needs local admin to run

[jeffasselin]

I'm going to ball CS, I install Autocad for many of my customer's users, and I haven't needed to give them admin privileges since version 2007 I think.

Re:also Autodesk software needs local admin to run

[betterunixthanunix]

Run it in a VM, using a fresh VM image before each use.

Or does AutoCAD have some horrible DRM system that would get in the way of that approach?

The Coming Poiuyt Gap.

[bmo]

But then they will be building the impossible while we only build the possible. They will have assumed that we have working Poiuyts and attempt to build them themselves, not knowing that they don't work. The biggest problem in not getting something done is assuming it can't be done. The Chinese will assume it can be done, and do it.

We will then be having generals and captains of industry bemoaning the Poiuyt Gap, which must be closed and we will spend trillions building Poiuyts.

--
BMO - What, me worry?

Re:The Coming Poiuyt Gap.

[oakgrove]

When expressing mildly off-topic and possibly off-color love for Chinese poontang on Slashdot, there's a little checkbox for you right next to the words 'Post as Anonymous Coward'. You must have missed it.

Re:The Coming Poiuyt Gap.

[rubycodez]

nope

auto cad needs a better then video card

[Joe_Dragon]

auto cad needs a better then video card what most vm have. Also can use a lot of cpu power.

Re:auto cad needs a better then video card

[betterunixthanunix]

Sure, although with IOMMUs being widely deployed on PCs and hardware being more virtualization-friendly these days, it should not be long before running AutoCAD in a VM is not so annoying.

Re:auto cad needs a better then video card

[dbIII]

That entirely depends on what you do with it, it doesn't "need it" unless it is for a very large project (for CPU) and you want it to look very nice on the screen with 3D rendering. For simple parts drawings a 286 with co-processer was tolerable back in the day so any modern desktop system has the grunt for a large portion of CAD work. AutoDesk are infamously slow with development - is the thing multi-threaded yet or is it as if we are we still stuck in 1992 when other CAD was multi-threaded but AutoCAD wasn't?

Re:auto cad needs a better then video card

[GigaplexNZ]

Except Intel doesn't support VT-d on their flagship K series chips... you need the lower end chips to get it. Intels product differentiation makes little to no sense, and their inconsistent support for VT-x caused a hell of a lot of problems with XP mode on Windows 7 when it was released.

Re:auto cad needs a better then video card

[Inda]

We designed cars in 1992 on Spark stations. Multi-surfaced wireframe models, in those days.

It may have taken a second or two to redraw shaded views, but CPU speeds were never a real issue.

The biggest problems back then were network problems. "Network going down!" was a common scream around the body design shop and everyone rushed to save their work.

Solid modelling was done on the same Spark stations in 1999. Once again, no real problems with the hardware.

I miss Solaris. As a young man, I couldn't believe we were using Win3.1 in the back office, whilst using Solaris for all the important work. The difference between the two was huge.

Re:auto cad needs a better then video card

[P-niiice]

Appliance design was done on the same platforms, until parametric design took over.

Re:auto cad needs a better then video card

[Lord+Lode]

Solaris, where simple things like pressing the up arrow in the terminal don't work (or was it tab completion, one of the two, don't remember which).

Solaris is like Linux, except that everything is a little worse.

Maybe back in those days you mentioned it was good compared to the rest then... But maybe today it's still like it was in 1992 or so?

Re:auto cad needs a better then video card

[swilly]

The lack of arrows and broken tab completion was a problem with ksh, no matter what Unix variant you ran it on. Ksh can be fixed to provide both features using some hacks in your kshrc, but they aren't obvious. Or, you can just use bash like you do on Linux.

Of course, the version of bash on Solaris 10 is ancient, but that's a consequence of the philosophy of "if it isn't broke, don't fix it." This philosophy pervades the entire toolchain and the core libraries. This focus on stability is great for servers, but sucks for workstations. Of course, Sun abandoned the workstation market long before the Oracle takeover.

Re:auto cad needs a better then video card

[toddestan]

The problem is that people don't expect that they have to pay that close attention to what they're buying to make sure they get all the features. You would think that buying an i7, which is Intel's top of the line desktop chip, would mean it would include all the features of the lower end desktop chips. But that's not always the case.

Re:also Autodesk software needs local admin to run

[Archangel+Michael]

Option 2 for the win

Re:also Autodesk software needs local admin to run

[WCVanHorne]

Well for us 2012 does not seem to need admin to run; although you need to run as admin once to do the performance optimization/video card thing.

architects

[rubycodez]

what the chinese will mostly get is many, many house floorplans, elevations and relfected ceiling plans

Re:architects

[physicsphairy]

The Chinese do do a lot of copycat architecture, model cities after other famous locations, etc. It is strangely plausible that this could actually be some kind of art heist. . . .

Re:architects

[sociocapitalist]

what the chinese will mostly get is many, many house floorplans, elevations and relfected ceiling plans

And of course, lacking human resource to take the time to peruse the captured information they'll just throw their hands up and say 'Oh well I guess it's not worth stealing 100,000 designs to get one or two really good ones..." /ironyoff

Re:architects

[ledow]

The only person I know who actually owns a copy of AutoCAD is an interior designer.

Good luck lifting all those living-room designs. I think the inbox associated with the worm overflowed for a reason - nobody ever bothered to check it after the first several million examples, samples, minor designs and things totally uninteresting to anyone but the person who made the files (e.g. a house plan of some unknown suburban semi so they could see where the sofa could fit).

Worm targets Windows machines ..

[dgharmon]

"Security researchers have come across a worm that is meant specifically to steal .. files created with the AutoCAD software. The worm, known as ACAD/Medre.A, is spreading through infected AutoCAD templates .. ACAD/Medre.A was written in AutoLISP, a specialized version of the LISP scripting language that's used in AutoCAD".

Does this 'worm` run on any other system except Microsoft Windows?

Re:Worm targets Windows machines ..

[GigaplexNZ]

It probably runs on OS X too since AutoCAD runs there.

Oh people, please make bogus AutoCAD plans!

[aisnota]

If you are infected with this, please please make bogus plans for exotic weapons, marital aides and artistic expressions.

Please salt those wounds!

Re:China

[lister+king+of+smeg]

I'm SHOCKED that Chinese email addresses seem to be involved. SHOCKED... and we will continue to do business with these lying cheating bastards who are waging economic warfare with the US until we send our last dollar there.

um this is a attack on puru no the US. you can calm down now besides haven't you ever heard of hosted servers, they can be leased anywhere in the world and china would be a great place to put get one because they aren't likely to sell you out without large amounts of money being involved

Ahem

[drdrgivemethenews]

LISP is not a scripting language.

-------

My other car is a cdr.

Re:Ahem

[dbIII]

AutoLISP is from memory. It got a very shitty reputation because on the early implementations in AutoCAD (some of which I had the misfortune of using), the parser was very sensitive to whitespace and had a few other little quirks. That meant that sometimes a script wouldn't run until you deleted a line and retyped in the the same human readable text - so debugging was very time consuming. I attempted to write a 3D drawing to G-code converter in it as part of a Univerisity CAD subject in 1988 (feed in drawings, then output code a CNC milling machine can use), but back then the "standard" was model specific so it was really far beyond the scope of one person in one semester for anything other than rigged demos (the input drawings done in a very specific way).

Blueprints?

[BobandMax]

If it can steal blueprints, that is one sophisticated piece of software. It would have to fold them, stuff and seal envelopes, calculate and affix postage and deposit them in the outgoing mail. Wow!

Re:Ah, but which information?

[arcsimm]

T-squares, my friend, T-squares. Preferably the ones with the cast-aluminum heads --- they can be very persuasive.

Re:also Autodesk software needs local admin to run

[dbIII]

It used to. I still have a dongle for the way overpriced student version that was still crippled in other ways.

Original research on ACAD/Medre.A at ESET's web si

[Aryeh+Goretsky]

Hello,

Somewhat surprised to see that the original research on the worm by ESET has not been mentioned yet on Slashdot. For all those who are interested, here it is:

• ACAD/Medre.A - 10000's of AutoCAD files leaked in suspected industrial espionage - post in ESET's blog by Righard Zwienenberg with high-level overview of the worm
• ACAD/Medre.A Technical Analysis - post in ESET's by Robert Lipovsky which goes into more detail on replication and payload of the worm
• ACAD/Medre.A White Paper [PDF, 2.36MB] - white paper with additional analysis and graphics.
• ESET Threat Encyclopaedia: ACAD/Medre.A - ESET's virus encyclopaedia entry on the worm. Also contains link to a free stand-alone cleaner.

From speaking with some of the ESET folks involved in the above, it seems there may be additional details forthcoming.

Regards,

Aryeh Goretsky

Chinese mailboxes neq China

[Katatsumuri]

Maybe it's just some local corporate espionage using Chinese mailboxes to cover their tracks.

Re:Chinese mailboxes neq China

[FhnuZoag]

Yeah. The only connection to China is that the email accounts are on 163.com and qq.com, popular Chinese free email providers. But anyone can set up an account on these websites, in any country. Just go to e.g. http://reg.email.163.com/mailregAll/reg0.jsp?from=163mail , type in the email address and password you want, and viola. The toughest part would probably be the chinese language captcha, but that's not impossible to get through with a handwriting IME, even if you don't know Chinese.

Re:China

[FhnuZoag]

The evidence here that points to China seems about as strong as claiming a scam using Gmail means it's by the US. I.e. not at all.

Re:also Autodesk software needs local admin to run

[amaiman]

also most Autodesk software needs local admin to run right or at least the older ver of it did.

AutoCAD 2013 (and 2012, and at least a few more versions back) run fine without admin rights. It helps to have write permissions opened up on various AutoCad folders (Program Files\AutoDesk, ProgramData\Autodesk, etc.) to allow for customization, but the application will run fine. Admin rights are only needed at the time of initial installation.

Re:China

[FhnuZoag]

Here you go, after five minutes of fiddling:

slashdot1234@163.com

password: qwerty

There, go log in at http://mail.163.com/ . Now you too can be (allegedly) a Chinese super hacker!

Re:also Autodesk software needs local admin to run

[JBdH]

I cannot remember any version of AutoCAD (and I am started administrating AutoCAD systems from version 10) needing local admin rights to run. AutoCAD has been one of the few apps to support non-admin users as soon as windows enabled that feature (windows NT3.5 anyone?). Only if you seriously mess up your AutoCAD settings inside your user profile or the registry will this happen. Of course you're messing with those if you don't pay for the software you use...

Re:Original research on ACAD/Medre.A at ESET's web

[sociocapitalist]

Hello,

Somewhat surprised to see that the original research on the worm by ESET has not been mentioned yet on Slashdot. For all those who are interested, here it is:

• ACAD/Medre.A - 10000's of AutoCAD files leaked in suspected industrial espionage - post in ESET's blog by Righard Zwienenberg with high-level overview of the worm
• ACAD/Medre.A Technical Analysis - post in ESET's by Robert Lipovsky which goes into more detail on replication and payload of the worm
• ACAD/Medre.A White Paper [PDF, 2.36MB] - white paper with additional analysis and graphics.
• ESET Threat Encyclopaedia: ACAD/Medre.A - ESET's virus encyclopaedia entry on the worm. Also contains link to a free stand-alone cleaner.

From speaking with some of the ESET folks involved in the above, it seems there may be additional details forthcoming.

Regards,

Aryeh Goretsky

Thanks for this..up until your post I actually thought it was called Merde.A...

Re:also Autodesk software needs local admin to run

[EnsilZah]

A friend of mine told me about a studio he worked for where they got explicit permission from Autodeks to use cracks for Maya so they wouldn't have to deal with the copy protection.

Re:Original research on ACAD/Medre.A at ESET's web

[tinkerton]

I checked the technical analysis document: the file involved is a fas file, that is compiled lisp. It's called acad.fas , maybe this increases the chances it gets executed automatically. The source in this case a mixture of vbs and lisp,probably the lisp file writes vbs scripts.

Although the malware is written in AutoLISP, its main functions are carried out by Visual Basic Scripts, which are dropped and executed by the VBS interpreter built in Windows. This is shown in the following code snippet, where the VBS script was previously stored to the MK-INFO-BIN variable.

I think it can be made by a single person.

Re:Original research on ACAD/Medre.A at ESET's web

[tinkerton]

Yes, an acad.fas file next to a drawing will be loaded automatically if you open the drawing by doubleclicking on it.

Not the First Time

[godatum]

This is not the first time AutoCAD has been hit. If I remember correctly, this problem also had some links to China. http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112&id=13717811&linkID=9240617

thingiverse does not have this problem

[decora]

you see, we actually WANT you to share blueprints and designs.