By Mark Sutton
ESET.com.
ESET senior research fellow Righard Zwienenberg commented: “After some configuration, ACAD/Medre.A sends opened AutoCAD drawings by e-mail to a recipient with an e-mail account at the Chinese 163.com internet provider. It will try to do this using 22 other accounts at 163.com and 21 accounts at qq.com, another Chinese internet provider.
“ACAD/Medre.A represents a serious case of suspected industrial espionage. Every new design is sent automatically to the operator of this malware. Needless to say this can cost the legitimate owner of the intellectual property a lot of money as the cybercriminals have access to the designs even before they go into production. They may even have the guts to apply for patents on the product before the inventor has registered it at the patent office,” added Zwienenberg.
“If there is one thing that becomes obvious from this piece of malware engaging in suspected industrial espionage is that reaching out to other parties to prevent further damage really works. Without the assistance of Autodesk, Tencent and Chinese National Computer Virus Emergency Response Center which helped ESET in taking down of dropsites and delivery chains, it would have been relatively easy only to clean already affected systems, but systems that would not be cleaned could have continued to be leaking their designs,” says ESET chief research officer Juraj Malcho.
Original Article
Security company ESET says that it has detected malware that has been stealing AutoCAD computer-aided design files.
The ‘ACAD/Medre.A’ worm appears to have been distributed disguised within AutoCAD files, and then attempted to steal AutoCAD files from infected machines and mailed them to several email accounts in China.
The infection primarily infected computers in Peru, and a few other Latin American companies, and ESET believes the attack was an attempt to steal files related to public services in Peru.
ESET says that it has worked with Chinese ISP Tencent, Chinese National Computer Virus Emergency Response Center and Autodesk to block the email accounts that were harvesting stolen data. It has also released a free stand-alone cleaner available at