Slashdot Mirror
I've Got a Bridge To Sell You. Why AutoCAD Malware Keeps Chugging On (arstechnica.com)
Criminal hackers continue to exploit a feature in Autodesk's widely used AutoCAD program in an attempt to steal valuable computer-assisted designs for bridges, factory buildings, and other projects, researchers say. From a report: The attacks arrive in spear-phishing emails and in some cases postal packages that contain design documents and plans. Included in the same directory are camouflaged files formatted in AutoLISP, an AutoCAD-specific dialect of the LISP programming language. When targets open the design document, they may inadvertently cause the AutoLISP file to be executed. While modern versions of AutoCAD by default display a warning that a potentially unsafe script will run, the warnings can be disregarded or suppressed altogether. To make the files less conspicuous, the attackers have set their properties to be hidden in Windows and their contents to be encrypted.
The attacks aren't new. Similar ones occurred as long ago as 2005, before AutoCAD provided the same set of robust defenses against targeted malware it does now. The attacks continued to go strong in 2009. A specific campaign recently spotted by security firm Forcepoint was active as recently as this year and has been active since at least 2014, an indication that malware targeting blueprints isn't going away any time soon. [...] Forcepoint said it has tracked more than 200 data sets and about 40 unique malicious modules, including one that purported to include a design for Hong Kong's Zhuhai-Macau Bridge.
The attacks aren't new. Similar ones occurred as long ago as 2005, before AutoCAD provided the same set of robust defenses against targeted malware it does now. The attacks continued to go strong in 2009. A specific campaign recently spotted by security firm Forcepoint was active as recently as this year and has been active since at least 2014, an indication that malware targeting blueprints isn't going away any time soon. [...] Forcepoint said it has tracked more than 200 data sets and about 40 unique malicious modules, including one that purported to include a design for Hong Kong's Zhuhai-Macau Bridge.
It's honestly kind of a pity that AutoCAD is still a thing. Classic example of network effects much like Microsoft Office. People use it because other people use it more than because of the merits of the software. As software goes it's fine (more or less) but it annoys me that there never has been (to my knowledge) any leading edge CAD software that is open source. Yes there are some options but they tend to trail the closed source options rather badly - often to the point of being basically toys in comparison. To be fair it's a hard problem that requires a lot of domain expertise and math chops. Probably are some patent issues too. But AutoCAD was showing its age decades ago and while it's continued to improve, it's kind of shocking the open source community hasn't provided a viable alternative in the last 20 years to AutoCAD, Solidworks and the rest of the CAD offerings for professional engineering use.