AutoCAD Worm Medre.A Stealing Designs, Blueprints

Trailrunner7 writes, quoting Threat Post: "Security researchers have come across a worm that is meant specifically to steal blueprints, design documents and other files created with the AutoCAD software. The worm, known as ACAD/Medre.A, is spreading through infected AutoCAD templates and is sending tens of thousands of stolen documents to email addresses in China. However, experts say that the worm's infection rates are dropping at this point and it doesn't seem to be part of a targeted attack campaign. ... [They] discovered that not only was the worm highly customized and well-constructed, it seemed to be targeting mostly machines in Peru for some reason. ... They found that ACAD/Medre.A was written in AutoLISP, a specialized version of the LISP scripting language that's used in AutoCAD."

this would be a good time to send flawed data

[FudRucker]

use the email addresses to send flawed data to china so they end up trying to build impossible things like what is found in Escher's drawings

Re:Easy to track down

[Charliemopps]

If you count all the custom versions of LISP out there used for scripting inside other applications I think you'd be rather surprised just how many LISP programmers there are. Half of them probably don't even know what they're writing in is based on LISP.

Re:The Law of Unexpected consequences

[trout007]

AutoCAD isn't used by too many serious mechanical engineers anymore. We have moved to parametric CAD like Solid Works, Pro/E, CATIA, ect. Structural Engineers use programs like STAAD that have tools for compiling with structural steel standards. I do know some people that still use AutoCAD for schematic work.

Re:can we stop calling it stealing

OK, don't feed the trolls, but here goes anyway:

There's a bit of a difference: The AutoCAD drawings being stolen were (presumably) never meant to be released to the public. It could very well be theft, as in theft of trade-secret or such. Piracy never enters into it, as it's not a publicly-sold copyrighted work.

You generally don't walk up to a engineering firm and ask to browse their drawings catalog and then offer to buy one. If you somehow did manage to buy a drawing, and if said drawing were copyrighted, and you then turned around and started selling copies of that drawing to others, then that would be piracy (and not theft).

Theft of corporate secrets is indeed theft, since the original owners no longer have the secrets. The "secrecy" part of it is forever gone, even if the drawings remain. The economic loss is easily much, much greater than the corresponding loss due to piracy, namely of one potential sale of a copyrighted work that's otherwise generally available.

Original research on ACAD/Medre.A at ESET's web si

[Aryeh+Goretsky]

Hello,

Somewhat surprised to see that the original research on the worm by ESET has not been mentioned yet on Slashdot. For all those who are interested, here it is:

• ACAD/Medre.A - 10000's of AutoCAD files leaked in suspected industrial espionage - post in ESET's blog by Righard Zwienenberg with high-level overview of the worm
• ACAD/Medre.A Technical Analysis - post in ESET's by Robert Lipovsky which goes into more detail on replication and payload of the worm
• ACAD/Medre.A White Paper [PDF, 2.36MB] - white paper with additional analysis and graphics.
• ESET Threat Encyclopaedia: ACAD/Medre.A - ESET's virus encyclopaedia entry on the worm. Also contains link to a free stand-alone cleaner.

From speaking with some of the ESET folks involved in the above, it seems there may be additional details forthcoming.

Regards,

Aryeh Goretsky