Malware Authors Targeting CAD User

Posted on August 18, 2009. Filed under: News

Malware authors are crafty. They will attempt to infect anyone and anything, and nothing is sacred to them. That's why the news of malware targeting CAD (Computer-Aided Design) files isn't too surprising.

According to information from August 7, and updated detection notes released by Trend Micro this morning, there were indeed malware attacks on files used by one of the better-known CAD-related programs, Autodesk's AutoCAD.

The malware, which is confirmed for Windows XP, NT, and Server 2003, has been around since 2005 or so. It works exactly like the malware that attacks the various files used in the Microsoft Office suite, and can come as a payload from any malicious source.


Once the system is infected, a malicious AutoCAD macro (acad.vlx) is loaded as the payload. The macro replicates across various AutoCAD files and directories, while also loading a registry file that disables firewall settings and using the NET USER command to create an administrator account. The newly created administrator account then uses the NET SHARE command to share drives on the system (C to I), leading to more infection points across a network.
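The behavior described above leaves traces in process command-line logs. The following is an added example, not code from Trend Micro, Autodesk, or the original post: it triages command lines for local account creation combined with whole-drive shares in the C to I range. The record format, host names, and the two-drive threshold are assumptions, and the patterns follow the general `net user ... /add` and `net share name=X:\` syntax because the post does not give the macro's exact commands.

```python
import re
from collections import defaultdict

# Matches net / net1 / net.exe, with or without a full path or quotes.
NET = r'(?:^|[\\\s"])net1?(?:\.exe)?"?\s+'
# Local account creation: net user <name> ... /add
USER_ADD = re.compile(NET + r'user\s+\S+.*?/add\b', re.I)
# Sharing a whole drive root: net share <name>=X:\ (captures the drive letter)
SHARE_ROOT = re.compile(NET + r'share\s+[^\s=]+="?([a-z]):\\?"?(?:\s|$)', re.I)
# The article says drives C through I get shared.
DRIVES = set("CDEFGHI")

# Constructed (host, command line) records; not from a real incident.
SAMPLE_EVENTS = [
    ("cad-ws-01", "net user example_acct <password> /add"),
    ("cad-ws-01", "net share C=C:\\"),
    ("cad-ws-01", "C:\\Windows\\System32\\net.exe share D=D:\\"),
    ("cad-ws-01", "net share E=E:\\"),
    ("cad-ws-02", "net user"),                              # listing only
    ("cad-ws-02", "net share docs=D:\\projects\\shared"),  # folder, not a root
    ("it-admin-01", "net user newhire <password> /add"),   # creation alone
]

def triage(events):
    """Return {host: 'high' | 'review'} for hosts showing the described behavior."""
    seen = defaultdict(lambda: {"user_add": False, "drives": set()})
    for host, cmd in events:
        if USER_ADD.search(cmd):
            seen[host]["user_add"] = True
        m = SHARE_ROOT.search(cmd)
        if m and m.group(1).upper() in DRIVES:
            seen[host]["drives"].add(m.group(1).upper())
    verdicts = {}
    for host, s in seen.items():
        # Assumed threshold: account creation plus two or more drive-root shares.
        if s["user_add"] and len(s["drives"]) >= 2:
            verdicts[host] = "high"
        elif s["user_add"] or s["drives"]:
            verdicts[host] = "review"
    return verdicts

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, verdict)
```
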

So the attack surface and various vectors are not the interesting aspect of this story. No, the interesting aspect is that AutoCAD files are being targeted. There are millions of AutoCAD systems in use in the U.S. alone, most of them in large networks, and as in any other operation there are gaps in the layers of security in place.

Trend Micro, as well as a few other vendors, is detecting the malware, but the delivery system can change. So the best protection will come from consistent security updates. While the report from Autodesk centers on the AutoCAD malware, there is no reason to assume that it is the only malicious code dropped on an infected system.

For those who need it, Autodesk has posted a fix of sorts to remove the malicious files. You can access that here.

For related articles or for more info visit here and here
