Slashdot Mirror


AutoCAD Worm Medre.A Stealing Designs, Blueprints

Trailrunner7 writes, quoting Threat Post: "Security researchers have come across a worm that is meant specifically to steal blueprints, design documents and other files created with the AutoCAD software. The worm, known as ACAD/Medre.A, is spreading through infected AutoCAD templates and is sending tens of thousands of stolen documents to email addresses in China. However, experts say that the worm's infection rates are dropping at this point and it doesn't seem to be part of a targeted attack campaign. ... [They] discovered that not only was the worm highly customized and well-constructed, it seemed to be targeting mostly machines in Peru for some reason. ... They found that ACAD/Medre.A was written in AutoLISP, a specialized version of the LISP scripting language that's used in AutoCAD."

35 of 139 comments

  1. I vote we call it Bawney Fwank by Anonymous Coward · · Score: 4, Funny

    Because it's written in LISP.

  2. also Autodesk software needs local admin to run ri by Joe_Dragon · · Score: 4, Interesting

    Also, most Autodesk software needs local admin to run right, or at least the older version of it did.

  3. can we stop calling it stealing by Anonymous Coward · · Score: 4, Funny

    It's just sharing. Information wants to be free! Remember?

    1. Re:can we stop calling it stealing by NEDHead · · Score: 4, Funny

      The CADS. Have they no honour? (spelt this way 'cuz it looks better)

    2. Re:can we stop calling it stealing by betterunixthanunix · · Score: 4, Funny

      The Chinese are just sampling these designs to decide whether or not to buy.

      --
      Palm trees and 8
    3. Re:can we stop calling it stealing by bill_mcgonigle · · Score: 4, Interesting

      there might be some truth to that:

      Last month, for example, the Peruvian Defense Ministry canceled a $114 million contract with a consortium that included U.S. defense manufacturer Northrop Grumman after a Chinese company convinced officials the project did not meet technical specifications.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    4. Re:can we stop calling it stealing by Anonymous Coward · · Score: 5, Insightful

      OK, don't feed the trolls, but here goes anyway:

      There's a bit of a difference: The AutoCAD drawings being stolen were (presumably) never meant to be released to the public. It could very well be theft, as in theft of trade-secret or such. Piracy never enters into it, as it's not a publicly-sold copyrighted work.

      You generally don't walk up to an engineering firm and ask to browse their drawings catalog and then offer to buy one. If you somehow did manage to buy a drawing, and if said drawing were copyrighted, and you then turned around and started selling copies of that drawing to others, then that would be piracy (and not theft).

      Theft of corporate secrets is indeed theft, since the original owners no longer have the secrets. The "secrecy" part of it is forever gone, even if the drawings remain. The economic loss is easily much, much greater than the corresponding loss due to piracy, namely of one potential sale of a copyrighted work that's otherwise generally available.

    5. Re:can we stop calling it stealing by Bodero · · Score: 2

      On slashdot, information wants to be free and there's no such thing as intellectual property when it's the RIAA or MPAA.

      Correct. There isn't a better example than The Oatmeal saga.

    6. Re:can we stop calling it stealing by tsm_sf · · Score: 2

      So... you're saying we prefer a scrappy entrepreneur over a bloated group of coked up media whores.

      And we're supposed to feel bad about it. Do I have that right? We're supposed to feel bad?

      --
      Literalism isn't a form of humor, it's you being irritating.
    7. Re:can we stop calling it stealing by jaymemaurice · · Score: 4, Insightful

      The correct description of this is industrial espionage.

      --
      120 characters ought to be enough for anyone
  4. LISP is so great by Alan+Shutko · · Score: 4, Funny

    That it's finally expanded into the virus industry!

    1. Re:LISP is so great by djl4570 · · Score: 2

      Will Lisp build itself into the devices it steals?

  5. It is just so that they can re-create Peru by Master+Moose · · Score: 2

    Why else would they take their designs?

    It makes cloning villages much easier if you have the blue-prints.

    I bet these guys http://idle.slashdot.org/story/12/06/22/0022251/china-pirates-austrian-village would have loved the blue-prints before they started

    --
    . . .gone when the morning comes
    1. Re:It is just so that they can re-create Peru by slashmydots · · Score: 2

      I dunno about that. When I think Peru, I think advanced engineering in architecture and mechanics :-P And flutes. It's probably primarily used for flute design actually lol.

  6. Easy to track down by microbee · · Score: 4, Funny

    Just arrest all LISP programmers and beat them up until they talk. There aren't many anyways.

    1. Re:Easy to track down by Charliemopps · · Score: 5, Interesting

      If you count all the custom versions of LISP out there used for scripting inside other applications I think you'd be rather surprised just how many LISP programmers there are. Half of them probably don't even know what they're writing in is based on LISP.

    2. Re:Easy to track down by betterunixthanunix · · Score: 2

      There aren't many anyways

      Clojure is becoming pretty popular these days, and there are plenty of not-so-trendy places where you see Scheme and Common Lisp being used. Also, do not forget that a certain widely used text editor is mostly written in Lisp, and that there are plenty of developers working on that editor.

      Oh, yeah, and AutoCAD macros, but I am not sure how many people are writing those...

      --
      Palm trees and 8
    3. Re:Easy to track down by Cow+Jones · · Score: 2

      Just arrest all LISP programmers and beat them up until they Smalltalk.

      --

      Ah, arrogance and stupidity, all in the same package. How efficient of you. -- Londo Mollari
  7. this would be a good time to send flawed data by FudRucker · · Score: 5, Funny

    Use the email addresses to send flawed data to China so they end up trying to build impossible things like what is found in Escher's drawings.

    --
    Politics is Treachery, Religion is Brainwashing
  8. The Law of Unexpected consequences by Artifakt · · Score: 4, Interesting

    A brand new install of AutoCAD costs $3,995 and up. It produces files that have a distinctive extension, making them easy to identify and to tell from other types of documents without even having to examine internal code. Any file produced by a legal AutoCAD install was made by somebody who paid serious money to be able to do so. Ergo, if someone can harvest a thousand AutoCAD files at random, a high proportion of them will be of valuable, useful stuff.

    Fighting warez sites distributing AutoCAD means, if the company is successful, a higher percentage of the documents made with it will be the valuable stuff. At 4K a legitimate copy, actually stopping a high percentage of 'pirates' means increasing the danger to your own legitimate users.

    If going through 10,000 AutoCAD documents means finding, say, a dozen new patent filings and diagrams, two trade secret process designs for million dollar product lines, a few architectural blueprint packages, and such, it becomes worth a government paying a programming team to write the software and putting three or four full-time engineers and a few technicians on just evaluating those documents for the 'good' ones. If there were a thousand bootleg copies of the software for every legitimate one, that government might not bother to go through 10 million documents for about the same haul, as most of the bootleg copies won't be producing anything worth that much.

    --
    Who is John Cabal?
    1. Re:The Law of Unexpected consequences by trout007 · · Score: 5, Informative

      AutoCAD isn't used by too many serious mechanical engineers anymore. We have moved to parametric CAD like SolidWorks, Pro/E, CATIA, etc. Structural Engineers use programs like STAAD that have tools for compiling with structural steel standards. I do know some people that still use AutoCAD for schematic work.

      --
      I love Jesus, except for his foreign policy.
    2. Re:The Law of Unexpected consequences by WCVanHorne · · Score: 4, Insightful

      Well in manufacturing you may be correct but in construction AutoDesk is still a top dog.

    3. Re:The Law of Unexpected consequences by GigaplexNZ · · Score: 4, Informative

      Well in manufacturing you may be correct but in construction AutoDesk is still a top dog.

      AutoCad is far from top dog. Compared to tools like Revit, it is just a dog. I'll never go back.

      Revit is made by Autodesk.

  9. Re:also Autodesk software needs local admin to run by jeffasselin · · Score: 2

    I'm going to ball CS, I install Autocad for many of my customer's users, and I haven't needed to give them admin privileges since version 2007 I think.

    --
    If he explores all forms and substances Straight homeward to their symbol-essences; He shall not die.
  10. The Coming Poiuyt Gap. by bmo · · Score: 3, Funny

    But then they will be building the impossible while we only build the possible. They will have assumed that we have working Poiuyts and attempt to build them themselves, not knowing that they don't work. The biggest problem in not getting something done is assuming it can't be done. The Chinese will assume it can be done, and do it.

    We will then be having generals and captains of industry bemoaning the Poiuyt Gap, which must be closed and we will spend trillions building Poiuyts.

    --
    BMO - What, me worry?

    1. Re:The Coming Poiuyt Gap. by rubycodez · · Score: 2

      nope

  11. auto cad needs a better then video card by Joe_Dragon · · Score: 4, Informative

    AutoCAD needs a better video card than what most VMs have. It also can use a lot of CPU power.

    1. Re:auto cad needs a better then video card by dbIII · · Score: 2

      That entirely depends on what you do with it, it doesn't "need it" unless it is for a very large project (for CPU) and you want it to look very nice on the screen with 3D rendering. For simple parts drawings a 286 with co-processor was tolerable back in the day so any modern desktop system has the grunt for a large portion of CAD work. AutoDesk are infamously slow with development - is the thing multi-threaded yet or is it as if we are still stuck in 1992 when other CAD was multi-threaded but AutoCAD wasn't?

    2. Re:auto cad needs a better then video card by GigaplexNZ · · Score: 2

      Except Intel doesn't support VT-d on their flagship K series chips... you need the lower end chips to get it. Intel's product differentiation makes little to no sense, and their inconsistent support for VT-x caused a hell of a lot of problems with XP mode on Windows 7 when it was released.

    3. Re:auto cad needs a better then video card by Inda · · Score: 2

      We designed cars in 1992 on SPARCstations. Multi-surfaced wireframe models, in those days.

      It may have taken a second or two to redraw shaded views, but CPU speeds were never a real issue.

      The biggest problems back then were network problems. "Network going down!" was a common scream around the body design shop and everyone rushed to save their work.

      Solid modelling was done on the same SPARCstations in 1999. Once again, no real problems with the hardware.

      I miss Solaris. As a young man, I couldn't believe we were using Win3.1 in the back office, whilst using Solaris for all the important work. The difference between the two was huge.

      --
      This post contains benzene, nitrosamines, formaldehyde and hydrogen cyanide.
    4. Re:auto cad needs a better then video card by swilly · · Score: 2

      The lack of arrows and broken tab completion was a problem with ksh, no matter what Unix variant you ran it on. Ksh can be fixed to provide both features using some hacks in your kshrc, but they aren't obvious. Or, you can just use bash like you do on Linux.

      Of course, the version of bash on Solaris 10 is ancient, but that's a consequence of the philosophy of "if it isn't broke, don't fix it." This philosophy pervades the entire toolchain and the core libraries. This focus on stability is great for servers, but sucks for workstations. Of course, Sun abandoned the workstation market long before the Oracle takeover.

  12. architects by rubycodez · · Score: 4, Insightful

    What the Chinese will mostly get is many, many house floorplans, elevations and reflected ceiling plans.

  13. Blueprints? by BobandMax · · Score: 4, Funny

    If it can steal blueprints, that is one sophisticated piece of software. It would have to fold them, stuff and seal envelopes, calculate and affix postage and deposit them in the outgoing mail. Wow!

    --

    "Computers are useless. They can only give you answers."
    -- Pablo Picasso
  14. Original research on ACAD/Medre.A at ESET's web si by Aryeh+Goretsky · · Score: 5, Informative

    Hello,

    Somewhat surprised to see that the original research on the worm by ESET has not been mentioned yet on Slashdot. For all those who are interested, here it is:

    From speaking with some of the ESET folks involved in the above, it seems there may be additional details forthcoming.

    Regards,

    Aryeh Goretsky

    --
    Dexter is a good dog.
  15. Re:also Autodesk software needs local admin to run by amaiman · · Score: 2

    Also, most Autodesk software needs local admin to run right, or at least the older version of it did.

    AutoCAD 2013 (and 2012, and at least a few more versions back) run fine without admin rights. It helps to have write permissions opened up on various AutoCad folders (Program Files\AutoDesk, ProgramData\Autodesk, etc.) to allow for customization, but the application will run fine. Admin rights are only needed at the time of initial installation.