About Me

I am Hamza Subedar, in 14th, and doing software engineering. I like to solve problems with computers and any gadgets. I like to tell people that I can help solve your problem; blog me and get your problem solved.

Wednesday, July 4, 2012

New Virus Steals AutoCAD Files

The new worm seems to be looking for secret blueprints and marmalade recipes. Security experts have discovered a virus designed specifically to steal blueprints, design documents and other content created in AutoCAD. ESET's security specialist called the worm ACAD/Medre.A and found it when reading through infected AutoCAD templates. He revealed that the blueprints were mailed to email addresses in China.

The security expert says that the worm's infection rate is decreasing at this point and that it doesn't look like part of a targeted attack on a company. The worm first appeared 6 months ago and is mostly interested in machines in Peru.

The worm was written in AutoLISP, AutoCAD's specialized scripting language. The hackers used certain URLs to spread the infected template to their targets. ESET's security expert explained that the plan was to hit the firm and everyone doing business with it, which means that the virus would mostly appear in Peru and nearby countries. It works by modifying the startup file for AutoLISP and going through some configuration routines.

The worm then starts e-mailing AutoCAD drawings to a recipient with an e-mail account at the Chinese ISP 163.com. ACAD/Medre.A uses 22 accounts at 163.com plus 21 accounts at qq.com, another Chinese ISP. The worm accesses smtp.163.com and smtp.qq.com with the different account credentials. The security expert warns that users should never allow port 25 to be used for anything except contacting their Internet service provider, and that all other use of the port should be blocked.
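The port 25 advice above can be checked against egress logs. The following is an added example, not code from ESET or from the original post: the CSV log format, the workstation names and the relay `mail.isp.example` are constructed assumptions, while smtp.163.com and smtp.qq.com are the servers named in the article.

```python
# Added example: flag outbound SMTP (TCP/25) that bypasses the approved relay.
# The log format, host names and relay below are constructed for illustration.
import csv
import io

APPROVED_RELAYS = {"mail.isp.example"}               # assumption: the site's ISP relay
ARTICLE_DESTINATIONS = {"smtp.163.com", "smtp.qq.com"}  # servers named in the article

# Constructed sample of firewall connection records.
SAMPLE_LOG = """\
time,src_host,dst_host,dst_port,action
2012-07-04T09:00:01,cad-ws-01,mail.isp.example,25,allow
2012-07-04T09:00:07,cad-ws-02,smtp.163.com,25,allow
2012-07-04T09:00:09,cad-ws-02,SMTP.QQ.COM.,25,allow
2012-07-04T09:01:30,cad-ws-03,www.example.org,443,allow
2012-07-04T09:02:11,cad-ws-04,smtp.other.example,25,deny
"""

def find_direct_smtp(log_text, approved=APPROVED_RELAYS):
    """Return one finding per port-25 connection to a host that is not an approved relay."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["dst_port"].strip() != "25":
            continue
        # Normalise case and a trailing root dot so "SMTP.QQ.COM." still matches.
        dst = row["dst_host"].strip().lower().rstrip(".")
        if dst in approved:
            continue
        findings.append({
            "time": row["time"],
            "src": row["src_host"],
            "dst": dst,
            "blocked": row["action"].strip().lower() == "deny",
            "named_in_article": dst in ARTICLE_DESTINATIONS,
        })
    return findings

def hosts_to_triage(findings):
    """Workstations whose direct SMTP was allowed out; investigate these first."""
    return sorted({f["src"] for f in findings if not f["blocked"]})

if __name__ == "__main__":
    results = find_direct_smtp(SAMPLE_LOG)
    for finding in results:
        print(finding)
    print("triage:", hosts_to_triage(results))
```

A finding with `blocked` set to false means the egress rule is missing or too broad, so the workstation should be examined even if the destination is not one of the two servers named in the article.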

According to Kaspersky Labs, the virus was an uncontrolled attack, and at the moment it is hard to identify the target. At least, the worm doesn't look government-sponsored.
