ESET Warns of New AutoCAD Spy Malware
The security firm says the worm has already stolen tens of thousands of blueprints, representing a 'serious case of suspected industrial espionage.'
"It is believed ACAD/Medre.A was distributed to Peruvian companies via a booby-trapped AutoCAD template that was initially sent to public bodies," writes The Telegraph's Christopher Williams.
"After some configuration, ACAD/Medre.A will begin sending the different AutoCAD drawings that are opened by e-mail to a recipient with an e-mail account at the Chinese 163.com internet provider," writes ESET senior research fellow Righard Zwienenberg. "It will try to do this using 22 other accounts at 163.com and 21 accounts at qq.com, another Chinese internet provider. ... From our analysis of all the used e-mail accounts we can derive the scale of the attack and conclude that tens of thousands of AutoCAD drawings (blueprints) leaked."
"The worm also tries to steal Outlook .PST files and files belonging to the Foxmail email client -- depending on which software the owner of the infected machine uses," writes Help Net Security's Zeljka Zorz.
"ACAD/Medre.A represents a serious case of suspected industrial espionage," Zwienenberg said in a statement. "Every new design is sent automatically to the operator of this malware. Needless to say this can cost the legitimate owner of the intellectual property a lot of money as the cybercriminals have access to the designs even before they go into production. They may even have the guts to apply for patents on the product before the inventor has registered it at the patent office."