ESET Uncovers ACAD/Medre.A Worm: Tens Of Thousands Of AutoCAD Design Files Leaked in Suspected Industrial Espionage
ESET, the leader in proactive protection celebrating 25 years of its technology this year, has uncovered a worm that targets drawings created in AutoCAD software for computer-aided design (CAD). Recently the worm, ACAD/Medre.A, showed a big spike in Peru on ESET’s LiveGrid® (a cloud-based malware collection system utilizing data from ESET users worldwide). ESET’s research shows that the worm steals files and sends them to email accounts located in China. ESET has worked with Chinese ISP Tencent, Chinese National Computer Virus Emergency Response Center and Autodesk, the creator of AutoCAD, to stop the transmission of these files. ESET confirms that tens of thousands of AutoCAD drawings, primarily from users in Peru, were leaking at the time of the discovery. ESET has made a free stand-alone cleaner available at: http://download.eset.com/special/EACADMedreCleaner.exe
“After some configuration, ACAD/Medre.A sends opened AutoCAD drawings by e-mail to a recipient with an e-mail account at the Chinese 163.com internet provider. It will try to do this using 22 other accounts at 163.com and 21 accounts at qq.com, another Chinese internet provider,” says ESET Senior Research Fellow Righard Zwienenberg.
“ACAD/Medre.A represents a serious case of suspected industrial espionage. Every new design is sent automatically to the operator of this malware. Needless to say this can cost the legitimate owner of the intellectual property a lot of money as the cybercriminals have access to the designs even before they go into production. They may even have the guts to apply for patents on the product before the inventor has registered it at the patent office,” adds Zwienenberg.
ESET has made a free stand-alone cleaner available for public use. Upon the realization of the magnitude of this threat ESET reached out to Tencent, the owner of the qq.com domain. ESET also established contact with Autodesk. Thanks to the swift actions of ESET and Tencent, the accounts used for relaying the e-mails with the drawings have been blocked and further leakage has been prevented.
ESET research teams around the globe have observed a small number of infections in other Latin American countries along with Peru. In addition, the high number of infections observed in Peru might also be explained by the fact that malware disguised as AutoCAD files may have been distributed to companies that were conducting business with public services in Peru. This leads us to think organizations in this country might have been the primary target of the ACAD/Medre.A operators. ESET is in contact with the local authorities to remediate the affected website.
“If there is one thing that becomes obvious from this piece of malware engaging in suspected industrial espionage is that reaching out to other parties to prevent further damage really works. Without the assistance of Autodesk, Tencent and Chinese National Computer Virus Emergency Response Center which helped ESET in taking down of dropsites and delivery chains, it would have been relatively easy only to clean already affected systems, but systems that would not be cleaned could have continued to be leaking their designs,” says ESET Chief Research Officer Juraj Malcho.
For more information about ACAD/Medre.A worm, please visit ESET Threat Center Blog.
ESET’s free stand-alone cleaner is available at: http://download.eset.com/special/EACADMedreCleaner.exe
ESET, the pioneer of proactive protection and the maker of the award-winning NOD32 technology which is celebrating its 25th anniversary in 2012, is a global provider of security solutions for businesses and consumers. The Company continues to lead the industry in proactive threat detection. ESET NOD32 Antivirus holds the world record for the number of Virus Bulletin "VB100” Awards, and has never missed a single “In-the-Wild” worm or virus since the inception of testing in 1998. ESET has been selected as one of the most innovative companies in Europe for the 2011 HSBC European Business Awards and holds number of accolades from AV-Comparatives, AV Test and other organizations. ESET NOD32 Antivirus, ESET Smart Security and ESET Cyber Security for Mac are trusted by millions of global users and are among the most recommended security solutions in the world.
The Company has global headquarters in Bratislava (Slovakia), with regional distribution centers in San Diego (U.S.), Buenos Aires (Argentina), and Singapore; with offices in Sao Paulo (Brazil) and Prague (Czech Republic). ESET has malware research centers in Bratislava, San Diego, Buenos Aires, Singapore, Prague, Košice (Slovakia), Cracow (Poland), Montreal (Canada), Moscow (Russia), and an extensive partner network for more than 180 countries.