Tuesday, December 10, 2013

Industrial Espionage Gets Caddy

via TechRepublic.com...
With all the recent industrial espionage, it was only a matter of time before malware developers would take a look at Computer-Aided Design (CAD) programs as a way to ex-filtrate proprietary documents and drawings from engineering firms...

The first time I read about an AutoCAD malware was last year when ESET.com reported a strange anomaly on their LiveGrid network. It was strange because the malware attacked AutoCAD, but only in Peru of all places.

After some investigation, it was determined the malware ACAD/Medre.A was a worm programmed to send AutoCAD drawings via email to an account (you guessed it) in China. The experts at ESET had this to say:

ACAD/Medre.A is a serious example of suspected industrial espionage. Every new design created by a victim is sent automatically to the authors of this malware...

Something else that ESET pointed out bothered one of my clients when I told them about ACAD/Medre.A: “The attacker may even go so far as to get patents on the product before the inventor has registered it at the patent office. The inventor may not know of the security breach until his patent claim is denied due to prior art.”


...a new trojan popped up on Trend Micro’s radar—ACM_SHENZ.A, and it was targeting AutoCAD programs. But with a twist, the malware was benign. Like most trojans, its job was to gain a foothold on the victim’s computer.

Once safely entrenched, ACM_SHENZ.A obtains administrative rights which make it simple for the malware to create network shares for all drives. The malware also opens ports: 137, 138, 139, and 445. Doing so allows access to files, printers, and serial ports.

Obtaining administrative rights also allows the attacker to plant additional malware. It’s this additional malware, experts at Trend Micro suspect will be used to steal drawings and engineering documents...


CAD drawings are now a valid attack vector. (more)