AutoCAD Worm Medre.A Stealing Designs, Blueprints
Trailrunner7 writes, quoting Threat Post: "Security researchers have come across a worm that is meant specifically to steal blueprints, design documents and other files created with the AutoCAD software. The worm, known as ACAD/Medre.A, is spreading through infected AutoCAD templates and is sending tens of thousands of stolen documents to email addresses in China. However, experts say that the worm's infection rates are dropping at this point and it doesn't seem to be part of a targeted attack campaign. ... [They] discovered that not only was the worm highly customized and well-constructed, it seemed to be targeting mostly machines in Peru for some reason. ... They found that ACAD/Medre.A was written in AutoLISP, a specialized version of the LISP scripting language that's used in AutoCAD."
I vote we call it Bawney Fwank (Score:4, Funny)
also Autodesk software needs local admin to run ri (Score:5, Interesting)
Also, most Autodesk software needs local admin to run right, or at least the older versions of it did.
Re:also Autodesk software needs local admin to run (Score:2)
Well my copy of 2012 does, otherwise it won't work at all. I don't know if 2013 does. Maybe someone whose company has sprung for the new version can chime in. Nothing like "gaping ass wide security hole" to make your day, is there? Err never mind...that could probably lead to a 13 year old joke.
Re:also Autodesk software needs local admin to run (Score:3)
I'm going to ball CS, I install Autocad for many of my customer's users, and I haven't needed to give them admin privileges since version 2007 I think.
Re:also Autodesk software needs local admin to run (Score:2)
Or does AutoCAD have some horrible DRM system that would get in the way of that approach?
auto cad needs a better then video card (Score:5, Informative)
AutoCAD needs a better video card than what most VMs have. It can also use a lot of CPU power.
Re:auto cad needs a better then video card (Score:2)
Re:auto cad needs a better then video card (Score:3)
Re:auto cad needs a better then video card (Score:2)
The problem is that people don't expect that they have to pay that close attention to what they're buying to make sure they get all the features. You would think that buying an i7, which is Intel's top of the line desktop chip, would mean it would include all the features of the lower end desktop chips. But that's not always the case.
Re:auto cad needs a better then video card (Score:3)
Re:auto cad needs a better then video card (Score:3)
It may have taken a second or two to redraw shaded views, but CPU speeds were never a real issue.
The biggest problems back then were network problems. "Network going down!" was a common scream around the body design shop and everyone rushed to save their work.
Solid modelling was done on the same SPARC stations in 1999. Once again, no real problems with the hardware.
I miss Solaris. As a young man, I couldn't believe we were using Win3.1 in the back office, whilst using Solaris for all the important work. The difference between the two was huge.
Re:auto cad needs a better then video card (Score:2)
Re:auto cad needs a better then video card (Score:2)
Solaris, where simple things like pressing the up arrow in the terminal don't work (or was it tab completion, one of the two, don't remember which).
Solaris is like Linux, except that everything is a little worse.
Maybe back in those days you mentioned it was good compared to the rest then... But maybe today it's still like it was in 1992 or so?
Re:auto cad needs a better then video card (Score:3)
The lack of arrows and broken tab completion was a problem with ksh, no matter what Unix variant you ran it on. Ksh can be fixed to provide both features using some hacks in your kshrc, but they aren't obvious. Or, you can just use bash like you do on Linux.
Of course, the version of bash on Solaris 10 is ancient, but that's a consequence of the philosophy of "if it isn't broke, don't fix it." This philosophy pervades the entire toolchain and the core libraries. This focus on stability is great for servers, but sucks for workstations. Of course, Sun abandoned the workstation market long before the Oracle takeover.
Re:also Autodesk software needs local admin to run (Score:2)
Option 2 for the win
Re:also Autodesk software needs local admin to run (Score:2)
Re:also Autodesk software needs local admin to run (Score:2)
A friend of mine told me about a studio he worked for where they got explicit permission from Autodesk to use cracks for Maya so they wouldn't have to deal with the copy protection.
Re:also Autodesk software needs local admin to run (Score:1)
Re:also Autodesk software needs local admin to run (Score:3)
Also, most Autodesk software needs local admin to run right, or at least the older versions of it did.
AutoCAD 2013 (and 2012, and at least a few more versions back) run fine without admin rights. It helps to have write permissions opened up on various AutoCad folders (Program Files\AutoDesk, ProgramData\Autodesk, etc.) to allow for customization, but the application will run fine. Admin rights are only needed at the time of initial installation.
Re:also Autodesk software needs local admin to run (Score:1)
can we stop calling it stealing (Score:4, Funny)
It's just sharing. Information wants to be free! Remember?
Re:can we stop calling it stealing (Score:1, Insightful)
It's just sharing. Information wants to be free! Remember?
On slashdot, information wants to be free and there's no such thing as intellectual property when it's the RIAA or MPAA. When it's someone we like, then the group think is very, very different. Suddenly, artificial scarcity is fine, it's wrong to copy someone else's creation against their will.
Re:can we stop calling it stealing (Score:5, Insightful)
OK, don't feed the trolls, but here goes anyway:
There's a bit of a difference: The AutoCAD drawings being stolen were (presumably) never meant to be released to the public. It could very well be theft, as in theft of trade-secret or such. Piracy never enters into it, as it's not a publicly-sold copyrighted work.
You generally don't walk up to an engineering firm and ask to browse their drawings catalog and then offer to buy one. If you somehow did manage to buy a drawing, and if said drawing were copyrighted, and you then turned around and started selling copies of that drawing to others, then that would be piracy (and not theft).
Theft of corporate secrets is indeed theft, since the original owners no longer have the secrets. The "secrecy" part of it is forever gone, even if the drawings remain. The economic loss is easily much, much greater than the corresponding loss due to piracy, namely of one potential sale of a copyrighted work that's otherwise generally available.
Re:can we stop calling it stealing (Score:1)
if said drawing were copyrighted, and you then turned around and started selling copies of that drawing to others, then that would be piracy (and not theft).
From Wikipedia, the free encyclopedia:
"Piracy is an act of robbery or criminal violence at sea. "
the RIAA or MPAA have not only coluded your civil rights already, they aren't only a serious threat for your freedom of speech, they have already hijacked your language, thus effectively manipulating and screwing your thinking. sad.
Re:can we stop calling it stealing (Score:1)
if said drawing were copyrighted, and you then turned around and started selling copies of that drawing to others, then that would be piracy (and not theft).
From Wikipedia, the free encyclopedia: "Piracy is an act of robbery or criminal violence at sea. "
the RIAA or MPAA have not only coluded your civil rights already, they aren't only a serious threat for your freedom of speech, they have already hijacked your language, thus effectively manipulating and screwing your thinking. sad.
OK, that is very selective copying from Wikipedia, and it doesn't help our cause to become the FUD side. Not only does Wikipedia have a list [wikipedia.org] of what piracy may also refer to, including copyright infringement, but it also tells you that the use of "piracy" in the context of copyright infringement dates back to 1603 [wikipedia.org] (a bit before RIAA/MPAA could "hijack the language") and has been a common term for this since, including in the 1886 Berne Convention [wikipedia.org].
Re:can we stop calling it stealing (Score:2)
Yarrr!
Re:can we stop calling it stealing (Score:2)
The AutoCAD drawings being stolen were (presumably) never meant to be released to the public
Pirated music was never made available to the public to download for free either.
I feel like there is a difference there. The act of "piracy" is one of taking something that was shared to you willingly (e.g. a burnt CD from a friend), without paying a tithe to the owner of that "idea." Accessing someone's private information and taking it from them against their will seems much more morally reprehensible to me.
Re:can we stop calling it stealing (Score:2)
Re:can we stop calling it stealing (Score:5, Insightful)
The correct description of this is industrial espionage.
Re:can we stop calling it stealing (Score:2)
Are you sure about that? Under the Berne Convention, copyright is automatic, and is the original creator's exclusive right of copying. It shouldn't matter whether it's intended for publication or not.
Re:can we stop calling it stealing (Score:2)
Re:can we stop calling it stealing (Score:2)
Thanks. But if you don't have a clue about copyright law, why state your inane bullshit as facts?
Re:can we stop calling it stealing (Score:2)
Re:can we stop calling it stealing (Score:2)
Yes, but you still don't know anything about copyright law, and the U.S. has in fact enacted the Berne Convention since 1989. You don't have to repeat all that to prove, once again, that you know nothing about U.S. copyright law. Idiot.
Re:can we stop calling it stealing (Score:3)
On slashdot, information wants to be free and there's no such thing as intellectual property when it's the RIAA or MPAA.
Correct. There isn't a better example than the The Oatmeal saga.
Re:can we stop calling it stealing (Score:3)
And we're supposed to feel bad about it. Do I have that right? We're supposed to feel bad?
Re:can we stop calling it stealing (Score:2)
Because there is a difference between independently duplicating published material and converting someone else's property for your use, getting their computer to publish materials to you in this case.
I and, I expect, many other Slashdot readers would argue the harm here is the using of a computer that does not belong to you to do something you have not been given permission to do. I also think exposing trade secrets and duplicating copyrighted works need to be thought about differently. In the case of copyright infringement you are looking at stuff that has been made publicly available by the author; with trade secrets it's a question of confidentiality and privacy.
Ah, but which information? (Score:0)
...And the information that wants to be free the most is who wrote it, why, and where they live.
Then some angry engineers with metal meter-sticks and such want to share some kinesthetic/tactile information with the perpetrator. At length. (Precisely measured.)
Re:Ah, but which information? (Score:2)
Re:can we stop calling it stealing (Score:5, Funny)
The CADS. Have they no honour? (spelt this way 'cuz it looks better)
Re:can we stop calling it stealing (Score:5, Funny)
Re:can we stop calling it stealing (Score:5, Interesting)
there might be some truth [washingtontimes.com] to that:
Success! (Score:0)
My company uses the comparatively archaic Microstation! Victory at last!
LISP is so great (Score:5, Funny)
That it's finally expanded into the virus industry!
Re:LISP is so great (Score:1)
No... it has just become self aware, and is doing this on its own for reasons we cannot possibly comprehend.
Re:LISP is so great (Score:3)
Re:LISP is so great (Score:0)
Was that a question.
Re:LISP is so great (Score:0)
Was that a question!
Re:LISP is so great (Score:2)
P!
It is just so that they can re-create Peru (Score:3)
Why else would they take their designs?
It makes cloning villages much easier if you have the blue-prints.
I bet these guys http://idle.slashdot.org/story/12/06/22/0022251/china-pirates-austrian-village [slashdot.org] would have loved the blue-prints before they started
Re:It is just so that they can re-create Peru (Score:3)
Re:It is just so that they can re-create Peru (Score:2)
More likely that it is a fishing expedition and they really are after engineering documentation and technical drawings of a more secret kind. Building plans might have some useful bits to copy but are likely to attract the kind of skills to create the worm. This could very well be just the first version. M$ windows and the applications running on top of it seem to have become the vector for wide ranging worms, viruses and trojans released by government espionage agencies running Linux, i.e. they are safe, screw everyone else. In wide ranging global fishing expeditions just to see what they can get, with no regard for unintended consequences. US lead the way into what is likely to cause M$ a lot of security based fiscal harm.
been known a while (Score:0)
It's been known for many years that China is engaging in wide-scale corporate cyber-espionage. Anyone who got caught by this deserves what they got.
I'm sorry I no longer have the link handy, but Chinese nationals caught performing in-person corporate espionage in various countries have admitted straight out that such espionage is a top priority of the government there. It funds stays abroad and you are expected to "bring something back" to China when you return. That's not to say they all do it - lots of them are honest and intentionally return worthless data or otherwise subvert the intent. But also, lots do it too, and it's really easy any more now that we have multi-gigabyte micro-SD cards. Combined with the cyber-espionage, China is finding shortcuts to go from an agrarian society just a generation ago, to competing with the best technology from the west and Japan. That might not be a bad thing, either - increases their standard of living for instance and helps with the problems they had formerly with widespread starvation.
Anyway point is this should not be a surprise to ANY western company.
Easy to track down (Score:5, Funny)
Just arrest all LISP programmers and beat them up until they talk. There aren't many anyways.
Re:Easy to track down (Score:5, Interesting)
Re:Easy to track down (Score:3)
There aren't many anyways
Clojure is becoming pretty popular these days, and there are plenty of not-so-trendy places where you see Scheme and Common Lisp being used. Also, do not forget that a certain widely used text editor is mostly written in Lisp, and that there are plenty of developers working on that editor.
Oh, yeah, and AutoCAD macros, but I am not sure how many people are writing those...
Re:Easy to track down (Score:2)
It used to be a major selling point of AutoCAD and why I hated using the light version where repetitive tasks couldn't be automated (I even imported data from spreadsheets and did decent graphs in CAD instead of the shit line graphs in MS Excel at the time). Then I just got used to not doing macros, and moved on to use other CAD that was not as shitty as AutoCAD LT. Now Python has some DXF functions so you can do things to exported drawings as batch jobs or generate drawings from data without touching CAD at all.
Re:Easy to track down (Score:3)
Re:Easy to track down (Score:2)
Free Tibet! (Score:0)
I think the best thing to do would be to flood those addresses with AutoCAD blue-prints of the Tibetan flag.
Uh oh. (Score:0)
You see, we were using AutoCAD to design this Moon based "LASER" called the Allen Parson's Project.
This "LASER" and its subsequent installation was designed on AutoCAD. I can't really state what I - er, - We were going to do with this "LASER". All I can say is that the Chinese now have it.
I'd also like to report that a whole tankful of Sharks - with let's say "devices" - strapped to their head have gone missing.
That is all,
S. Evil; MS (I haven't gotten my doctorate yet,) Bwahahahahahahhahahahah! AHAHAHAHAHAHAHAHAHHAAHHAHAH@! AHHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAAHAH!
this would be a good time to send flawed data (Score:5, Funny)
The Coming Poiuyt Gap. (Score:4, Funny)
But then they will be building the impossible while we only build the possible. They will have assumed that we have working Poiuyts and attempt to build them themselves, not knowing that they don't work. The biggest problem in not getting something done is assuming it can't be done. The Chinese will assume it can be done, and do it.
We will then be having generals and captains of industry bemoaning the Poiuyt Gap, which must be closed and we will spend trillions building Poiuyts.
--
BMO - What, me worry?
Re:The Coming Poiuyt Gap. (Score:2)
Re:The Coming Poiuyt Gap. (Score:3)
nope
Re:The Coming Poiuyt Gap. (Score:1)
I know. that guy must NOT like chinese poontang. racist asshole.
The Law of Unexpected consequences (Score:5, Interesting)
A brand new install of Autocad costs $3,995 and up. It produces files that have a distinctive extension, making them easy to identify and to tell from other types of documents without even having to examine internal code. Any file produced by a legal autocad install was made by somebody who paid serious money to be able to do so. Ergo, if someone can harvest a thousand Autocad files at random, a high proportion of them will be of valuable, useful stuff.
Fighting warez sites distributing Autocad means, if the company is successful, a higher percentage of the documents made with it will be the valuable stuff. At 4K a legitimate copy, actually stopping a high percentage of 'pirates' means increasing the danger to your own legitimate users.
If going through 10,000 autocad documents means finding, say, a dozen new patent filings and diagrams, two trade secret process designs for million dollar product lines, a few architectural blueprint packages, and such, it becomes worth a government paying a programming team to write the software and putting three or four fulltime engineers and a few technicians on just evaluating those documents for the 'good' ones. If there were a thousand bootleg copies of the software for every legitimate one, that government might not bother to go through 10 million documents for about the same haul, as most of the bootleg copies won't be producing anything worth that much.
Re:The Law of Unexpected consequences (Score:5, Informative)
AutoCAD isn't used by too many serious mechanical engineers anymore. We have moved to parametric CAD like Solid Works, Pro/E, CATIA, etc. Structural Engineers use programs like STAAD that have tools for compiling with structural steel standards. I do know some people that still use AutoCAD for schematic work.
Re:The Law of Unexpected consequences (Score:2)
ah, that makes it so much more espionage proof.
Re:The Law of Unexpected consequences (Score:4, Insightful)
Re:The Law of Unexpected consequences (Score:1)
I'm in the construction field (architecture more specifically), and we left AutoCAD years ago for more advanced BIM software. And I'm in a part of the country that is somewhat behind our industry curve.
AutoCad is far from top dog. Compared to tools like Revit, it is just a dog. I'll never go back.
Re:The Law of Unexpected consequences (Score:5, Informative)
Well in manufacturing you may be correct but in construction AutoDesk is still a top dog.
AutoCad is far from top dog. Compared to tools like Revit, it is just a dog. I'll never go back.
Revit is made by Autodesk.
Re:The Law of Unexpected consequences (Score:2)
Re:The Law of Unexpected consequences (Score:2)
Gotta love Autodesk, they're so committed to customer choice they have like three competing products in each category.
architects (Score:5, Insightful)
What the Chinese will mostly get is many, many house floorplans, elevations and reflected ceiling plans.
Re:architects (Score:2)
The Chinese do do a lot of copycat architecture [nationalgeographic.com], model cities after other famous locations, etc. It is strangely plausible that this could actually be some kind of art heist. . . .
Re:architects (Score:2)
What the Chinese will mostly get is many, many house floorplans, elevations and reflected ceiling plans.
And of course, lacking human resource to take the time to peruse the captured information they'll just throw their hands up and say "Oh well I guess it's not worth stealing 100,000 designs to get one or two really good ones..." /ironyoff
Re:architects (Score:2)
The only person I know who actually owns a copy of AutoCAD is an interior designer.
Good luck lifting all those living-room designs. I think the inbox associated with the worm overflowed for a reason - nobody ever bothered to check it after the first several million examples, samples, minor designs and things totally uninteresting to anyone but the person who made the files (e.g. a house plan of some unknown suburban semi so they could see where the sofa could fit).
Re:The Law of Unexpected consequences (Score:2)
Re:The Law of Unexpected consequences (Score:2)
I'm a bit surprised that it is worth it though. The vast majority of autocad drawings are really boring - building layouts, miscellaneous machine parts etc. It would be very labor intensive to go through zillions of stolen drawings to try to figure out which ones were actually valuable.
OTOH, this could be a sort of demonstration run. Once they find out how to quietly steal drawings, they might be able to modify the code to look for specific drawings from specific companies or government sites. They might be helped here by government agencies who have a uniform drawing numbering and description system.
Re:The Law of Unexpected consequences (Score:2)
I'm a bit surprised that it is worth it though. The vast majority of autocad drawings are really boring ... miscellaneous machine parts etc
Do you have ANY idea how much margin there is in spare parts? I have worked at several companies that lose money on the front end and make it up on scheduled maintenance. Hence our big customers are constantly badgering us for "detailed part drawings" of sub components. They can ask, and they can get politely refused. I.e. "You paid for the machine, you did not pay for the engineering that went into it. Otherwise the price would have been 2-3 orders of magnitude higher." or, somewhat less adroitly "No, we will not give you enough information to go to Ma&Pa machine shop down the street who will undercut us by 40%-60%"
Re:The Law of Unexpected consequences (Score:2)
If there were a thousand bootleg copies of the software for every legitimate one, that government might not bother to go through 10 million documents for about the same haul, as most of the bootleg copies won't be producing anything worth that much.
Wait, so the problem is that the Chinese are stealing people's blueprints, and your "solution" is to have people steal software? That's got to be the most twisted defense of piracy I've ever seen. I mean, if it's morally acceptable to take a piece of software that retails for $4000 without paying for it, then isn't it also morally acceptable for the Chinese to steal those blueprints? If it's okay to steal software, movies, and music because "information wants to be free" then it's okay for the Chinese to, say, swipe the design for an American manufactured wind turbine because "information wants to be free". The whole argument that it's not really theft when you download an MP3 because you're not depriving them of an actual object would also apply to the manufacturer. The Chinese didn't actually take anything from them, all they did was rip off the design. It seems to me that either the creator has the right to control the distribution of the intellectual property or they don't.
Re:The Law of Unexpected consequences (Score:2)
Wait, so the problem is that the Chinese are stealing people's blueprints, and your "solution" is to have people steal software? That's got to be the most twisted defense of piracy I've ever seen. I mean, if it's morally acceptable to take a piece of software that retails for $4000 without paying for it, then isn't it also morally acceptable for the Chinese to steal those blueprints?
Actually, the first action is unlikely to significantly reduce Autodesk's revenues, however, the second action plus Chinese companies selling cheaper knock-offs of your stuff can put your engineering company out of business. So if you're pragmatic, yes, the GP is on to something here.
Worm targets Windows machines .. (Score:1)
Does this 'worm' run on any other system except Microsoft Windows?
Re:Worm targets Windows machines .. (Score:2)
Oh people, please make bogus AutoCAD plans! (Score:1)
If you are infected with this, please please make bogus plans for exotic weapons, marital aids and artistic expressions.
Please salt those wounds!
Ahem (Score:2)
-------
My other car is a cdr.
Re:Ahem (Score:2)
Blueprints? (Score:5, Funny)
If it can steal blueprints, that is one sophisticated piece of software. It would have to fold them, stuff and seal envelopes, calculate and affix postage and deposit them in the outgoing mail. Wow!
Original research on ACAD/Medre.A at ESET's web si (Score:5, Informative)
Hello,
Somewhat surprised to see that the original research on the worm by ESET has not been mentioned yet on Slashdot. For all those who are interested, here it is:
From speaking with some of the ESET folks involved in the above, it seems there may be additional details forthcoming.
Regards,
Aryeh Goretsky
Re:Original research on ACAD/Medre.A at ESET's web (Score:2)
Hello,
Somewhat surprised to see that the original research on the worm by ESET has not been mentioned yet on Slashdot. For all those who are interested, here it is:
From speaking with some of the ESET folks involved in the above, it seems there may be additional details forthcoming.
Regards,
Aryeh Goretsky
Thanks for this..up until your post I actually thought it was called Merde.A...
Re:Original research on ACAD/Medre.A at ESET's web (Score:2)
I checked the technical analysis document: the file involved is a fas file, that is, compiled Lisp. It's called acad.fas; maybe this increases the chances it gets executed automatically. The source in this case is a mixture of VBS and Lisp; probably the Lisp file writes VBS scripts.
I think it can be made by a single person.
Re:Original research on ACAD/Medre.A at ESET's web (Score:2)
Yes, an acad.fas file next to a drawing will be loaded automatically if you open the drawing by double-clicking on it.
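Added example, not part of the thread or of ESET's analysis: a defender-side check for the behaviour described in the two comments above, walking a file share and reporting every `acad.fas` it finds, with those sitting next to drawings or templates listed first. The function names, the allowlist of reviewed hashes and the sample directory tree are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# "acad.fas" is the file name given in the thread. Callers can pass further
# startup-file names their AutoCAD deployment loads (assumption: site-specific).
AUTOLOAD_NAMES = frozenset({"acad.fas"})
DRAWING_EXTS = frozenset({".dwg", ".dwt"})  # drawings and drawing templates


def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_autoload_files(root, names=AUTOLOAD_NAMES, allowed_hashes=frozenset()):
    """Return one finding per auto-load file under root, drawings-adjacent first.

    allowed_hashes holds SHA-256 digests of startup files the CAD admin
    has reviewed; matching files are not reported.
    """
    wanted = {n.lower() for n in names}  # Windows file names are case-insensitive
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        drawings = [f for f in files if Path(f).suffix.lower() in DRAWING_EXTS]
        for name in files:
            if name.lower() not in wanted:
                continue
            full = os.path.join(dirpath, name)
            try:
                digest = sha256_of(full)
            except OSError:
                digest = None  # unreadable file: still report it
            if digest in allowed_hashes:
                continue
            findings.append({
                "path": full,
                "sha256": digest,
                "drawing_count": len(drawings),
                "next_to_drawings": bool(drawings),
            })
    findings.sort(key=lambda f: (not f["next_to_drawings"], f["path"]))
    return findings


def build_sample_tree(root):
    """Create a constructed directory tree; return the hash of the reviewed file."""
    layout = {
        "projects/bridge/plan.dwg": b"constructed drawing",
        "projects/bridge/section.DWG": b"constructed drawing",
        "projects/bridge/ACAD.FAS": b"constructed unknown startup file",
        "projects/house/floor.dwg": b"constructed drawing",
        "scratch/acad.fas": b"constructed stray startup file",
        "support/acad.fas": b"constructed reviewed startup file",
    }
    for rel, data in layout.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return sha256_of(Path(root, "support/acad.fas"))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        reviewed = build_sample_tree(tmp)
        for hit in find_autoload_files(tmp, allowed_hashes={reviewed}):
            where = "NEXT TO DRAWINGS" if hit["next_to_drawings"] else "no drawings here"
            print(f"{where:17} {hit['path']} sha256={hit['sha256'][:16]}...")
```

A hit next to drawings that is not on the reviewed list is the case worth pulling for analysis before anyone opens a drawing from that folder.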
Chinese mailboxes neq China (Score:2)
Re:Chinese mailboxes neq China (Score:2)
Yeah. The only connection to China is that the email accounts are on 163.com and qq.com, popular Chinese free email providers. But anyone can set up an account on these websites, in any country. Just go to e.g. http://reg.email.163.com/mailregAll/reg0.jsp?from=163mail [163.com], type in the email address and password you want, and voilà. The toughest part would probably be the Chinese-language captcha, but that's not impossible to get through with a handwriting IME, even if you don't know Chinese.
Not the First Time (Score:1)
thingiverse does not have this problem (Score:2)
you see, we actually WANT you to share blueprints and designs.
Re:China (Score:2)
I'm SHOCKED that Chinese email addresses seem to be involved. SHOCKED... and we will continue to do business with these lying cheating bastards who are waging economic warfare with the US until we send our last dollar there.
Um, this is an attack on Peru, not the US. You can calm down now. Besides, haven't you ever heard of hosted servers? They can be leased anywhere in the world, and China would be a great place to get one because they aren't likely to sell you out without large amounts of money being involved.
Re:China (Score:2)
The evidence here that points to China seems about as strong as claiming a scam using Gmail means it's by the US. I.e. not at all.
Re:China (Score:2)
Here you go, after five minutes of fiddling:
slashdot1234@163.com
password: qwerty
There, go log in at http://mail.163.com/ [163.com] . Now you too can be (allegedly) a Chinese super hacker!