Security researchers have come across a new worm that is meant specifically to steal blueprints, design documents and other files created with the AutoCAD software. The worm, known as ACAD/Medre.A, is spreading through infected AutoCAD templates and is sending tens of thousands of stolen documents to email addresses in China. However, experts say that the worm’s infection rates are dropping at this point and it doesn’t seem to be part of a targeted attack campaign.
The worm first hit researchers’ radar about six months ago, and when they began digging into the situation, they discovered that not only was the worm highly customized and well-constructed, it seemed to be targeting mostly machines in Peru for some reason. Researchers at Eset notcied a major spike in activity from the worm in Peru two months ago and started the process of figuring out what it was doing and where it came from. What they found is that ACAD/Medre.A was written in AutoLISP, a specialized version of the LISP scripting language that’s used in AutoCAD. (Read More)