AutoCAD Worm Medre.A Stealing Designs, Blueprints 139

Posted by Unknown Lamer
from the will-emacs-be-next? dept.
Trailrunner7 writes, quoting Threat Post: "Security researchers have come across a worm that is meant specifically to steal blueprints, design documents and other files created with the AutoCAD software. The worm, known as ACAD/Medre.A, is spreading through infected AutoCAD templates and is sending tens of thousands of stolen documents to email addresses in China. However, experts say that the worm's infection rates are dropping at this point and it doesn't seem to be part of a targeted attack campaign. ... [They] discovered that not only was the worm highly customized and well-constructed, it seemed to be targeting mostly machines in Peru for some reason. ... They found that ACAD/Medre.A was written in AutoLISP, a specialized version of the LISP scripting language that's used in AutoCAD."
  • by Anonymous Coward on Monday June 25, 2012 @08:27PM (#40447045)
    Because it's written in LISP.
  • by Joe_Dragon (2206452) on Monday June 25, 2012 @08:28PM (#40447059)

    also most Autodesk software needs local admin to run right or at least the older ver of it did.

    • by Mashiki (184564)

      Well my copy of 2012 does, otherwise it won't work at all. I don't know if 2013 does. Maybe someone whose company has sprung for the new version can chime in. Nothing like "gaping ass wide security hole" to make your day is there? Err never mind...that could probably lead to a 13 year old joke.

      • I'm going to ball CS, I install Autocad for many of my customer's users, and I haven't needed to give them admin privileges since version 2007 I think.

      • Run it in a VM, using a fresh VM image before each use.

        Or does AutoCAD have some horrible DRM system that would get in the way of that approach?
        • by Joe_Dragon (2206452) on Monday June 25, 2012 @09:57PM (#40447795)

          AutoCAD needs a better video card than what most VMs have. Also, it can use a lot of CPU power.

          • Sure, although with IOMMUs being widely deployed on PCs and hardware being more virtualization-friendly these days, it should not be long before running AutoCAD in a VM is not so annoying.
            • Except Intel doesn't support VT-d on their flagship K series chips... you need the lower end chips to get it. Intel's product differentiation makes little to no sense, and their inconsistent support for VT-x caused a hell of a lot of problems with XP mode on Windows 7 when it was released.
          • by dbIII (701233)
            That entirely depends on what you do with it, it doesn't "need it" unless it is for a very large project (for CPU) and you want it to look very nice on the screen with 3D rendering. For simple parts drawings a 286 with co-processor was tolerable back in the day so any modern desktop system has the grunt for a large portion of CAD work. AutoDesk are infamously slow with development - is the thing multi-threaded yet or is it as if we are still stuck in 1992 when other CAD was multi-threaded but AutoCAD w
            • by Inda (580031)
              We designed cars in 1992 on SPARC stations. Multi-surfaced wireframe models, in those days.

              It may have taken a second or two to redraw shaded views, but CPU speeds were never a real issue.

              The biggest problems back then were network problems. "Network going down!" was a common scream around the body design shop and everyone rushed to save their work.

              Solid modelling was done on the same SPARC stations in 1999. Once again, no real problems with the hardware.

              I miss Solaris. As a young man, I couldn't believe we
              • by P-niiice (1703362)
                Appliance design was done on the same platforms, until parametric design took over.
              • Solaris, where simple things like pressing the up arrow in the terminal don't work (or was it tab completion, one of the two, don't remember which).

                Solaris is like Linux, except that everything is a little worse.

                Maybe back in those days you mentioned it was good compared to the rest then... But maybe today it's still like it was in 1992 or so?

                • by swilly (24960)

                  The lack of arrows and broken tab completion was a problem with ksh, no matter what Unix variant you ran it on. Ksh can be fixed to provide both features using some hacks in your kshrc, but they aren't obvious. Or, you can just use bash like you do on Linux.

                  Of course, the version of bash on Solaris 10 is ancient, but that's a consequence of the philosophy of "if it isn't broke, don't fix it." This philosophy pervades the entire toolchain and the core libraries. This focus on stability is great for serve

        • Option 2 for the win

        • by dbIII (701233)
          It used to. I still have a dongle for the way overpriced student version that was still crippled in other ways.
        • by EnsilZah (575600)

          A friend of mine told me about a studio he worked for where they got explicit permission from Autodesk to use cracks for Maya so they wouldn't have to deal with the copy protection.

      • Well for us 2012 does not seem to need admin to run; although you need to run as admin once to do the performance optimization/video card thing.
    • by amaiman (103647)

      also most Autodesk software needs local admin to run right or at least the older ver of it did.

      AutoCAD 2013 (and 2012, and at least a few more versions back) run fine without admin rights. It helps to have write permissions opened up on various AutoCad folders (Program Files\AutoDesk, ProgramData\Autodesk, etc.) to allow for customization, but the application will run fine. Admin rights are only needed at the time of initial installation.

    • by JBdH (613927)
      I cannot remember any version of AutoCAD (and I started administrating AutoCAD systems from version 10) needing local admin rights to run. AutoCAD has been one of the few apps to support non-admin users as soon as Windows enabled that feature (Windows NT3.5 anyone?). Only if you seriously mess up your AutoCAD settings inside your user profile or the registry will this happen. Of course you're messing with those if you don't pay for the software you use...
  • by Anonymous Coward on Monday June 25, 2012 @08:35PM (#40447123)

    It's just sharing. Information wants to be free! Remember?

    • Re: (Score:1, Insightful)

      by Anonymous Coward

      It's just sharing. Information wants to be free! Remember?

      On slashdot, information wants to be free and there's no such thing as intellectual property when it's the RIAA or MPAA. When it's someone we like, then the group think is very, very different. Suddenly, artificial scarcity is fine, it's wrong to copy someone else's creation against their will.

      • by Anonymous Coward on Monday June 25, 2012 @10:17PM (#40447917)

        OK, don't feed the trolls, but here goes anyway:

        There's a bit of a difference: The AutoCAD drawings being stolen were (presumably) never meant to be released to the public. It could very well be theft, as in theft of trade-secret or such. Piracy never enters into it, as it's not a publicly-sold copyrighted work.

        You generally don't walk up to an engineering firm and ask to browse their drawings catalog and then offer to buy one. If you somehow did manage to buy a drawing, and if said drawing were copyrighted, and you then turned around and started selling copies of that drawing to others, then that would be piracy (and not theft).

        Theft of corporate secrets is indeed theft, since the original owners no longer have the secrets. The "secrecy" part of it is forever gone, even if the drawings remain. The economic loss is easily much, much greater than the corresponding loss due to piracy, namely of one potential sale of a copyrighted work that's otherwise generally available.

        • by znrt (2424692)

          if said drawing were copyrighted, and you then turned around and started selling copies of that drawing to others, then that would be piracy (and not theft).

          From Wikipedia, the free encyclopedia:
          "Piracy is an act of robbery or criminal violence at sea. "

          the RIAA or MPAA have not only coluded your civil rights already, they aren't only a serious threat for your freedom of speech, they have already hijacked your language, thus effectively manipulating and screwing your thinking. sad.

          • by Anonymous Coward

            if said drawing were copyrighted, and you then turned around and started selling copies of that drawing to others, then that would be piracy (and not theft).

            From Wikipedia, the free encyclopedia: "Piracy is an act of robbery or criminal violence at sea. "

            the RIAA or MPAA have not only coluded your civil rights already, they aren't only a serious threat for your freedom of speech, they have already hijacked your language, thus effectively manipulating and screwing your thinking. sad.

            OK, that is very selective copying from Wikipedia, and it doesn't help our cause to become the FUD side. Not only does Wikipedia have a list [wikipedia.org] of what piracy also may refer to, including copyright infringement, but it also tells you that the use of "piracy" in the context of copyright infringement dates back to 1603 [wikipedia.org] (a bit before RIAA/MPAA could "hijack the language") and has been a common term for this since, including in the 1886 Berne Convention [wikipedia.org].

          • I prefer to hijack their hijack.

            Yarrr!
      • by AK Marc (707885)
        Trade Secrets are *not* copyrighted. Copyright law applies in some cases because the lawyers didn't know where else to put it, but copyright applies to published works, and Trade Secrets are not published works. There's a difference, but those looking to support their pet causes without regard to reality refuse to ever see it.
        • by jaymemaurice (2024752) on Tuesday June 26, 2012 @01:55AM (#40449265)

          The correct description of this is industrial espionage.

        • by MrHanky (141717)

          Are you sure about that? Under the Berne Convention, copyright is automatic, and is the original creator's exclusive right of copying. It shouldn't matter whether it's intended for publication or not.

          • by AK Marc (707885)
            I don't live in Berne. We pass our own laws. If the government chose to agree to a convention, then not implement laws that uphold it, I'm not held to that convention. And, from what I can tell, protections start at "publication" (certainly the expiry times, as those take the longest dates). But the laws do mention Trade Secret separately. If they are copyrighted at creation, there is no such thing as a Trade Secret. And, at least in the US, copyright is to encourage publication, and Trade Secrets are
            • by MrHanky (141717)

              Thanks. But if you don't have a clue about copyright law, why state your inane bullshit as facts?

              • by AK Marc (707885)
                Because you are commenting on international law or such that doesn't apply to me. I'm not "international" I'm a citizen of the USA, and bound by those laws. If the US laws do not recognize the distinction you make, then you are arguing about the number of cans of beans in my cupboard by looking in yours and declaring me wrong. And no, just because you have more or less than me doesn't mean that the number in my cupboard is wrong. Some treaty or convention that the US is theoretically bound to does not
                • by MrHanky (141717)

                  Yes, but you still don't know anything about copyright law, and the U.S. has in fact enacted the Berne Convention since 1989. You don't have to repeat all that to prove, once again, that you know nothing about U.S. copyright law. Idiot.

      • by Bodero (136806)

        On slashdot, information wants to be free and there's no such thing as intellectual property when it's the RIAA or MPAA.

        Correct. There isn't a better example than the The Oatmeal saga.

        • by tsm_sf (545316)
          So... you're saying we prefer a scrappy entrepreneur over a bloated group of coked up media whores.

          And we're supposed to feel bad about it. Do I have that right? We're supposed to feel bad?
      • by DarkOx (621550)

        Because there is difference between independently duplicating published material and converting someone else's property for your use, getting their computer to publish materials to you in this case.

        I, and I expect many other Slashdot readers, would argue the harm here is the using of a computer that does not belong to you to do something you have not been given permission to do. I also think exposing trade secrets and duplicating copyrighted works need to be thought about differently. In the case of copyri

    • by NEDHead (1651195) on Monday June 25, 2012 @09:12PM (#40447447)

      The CADS. Have they no honour? (spelt this way 'cuz it looks better)

    • by betterunixthanunix (980855) on Monday June 25, 2012 @09:34PM (#40447631)
      The Chinese are just sampling these designs to decide whether or not to buy.
  • by Alan Shutko (5101) on Monday June 25, 2012 @08:37PM (#40447161) Homepage

    That it's finally expanded into the virus industry!

    • by Anonymous Coward

      No... it has just become self aware, and is doing this on its own for reasons we cannot possibly comprehend.

  • Why else would they take their designs?

    It makes cloning villages much easier if you have the blue-prints.

    I bet these guys http://idle.slashdot.org/story/12/06/22/0022251/china-pirates-austrian-village [slashdot.org] would have loved the blue-prints before they started

    • I dunno about that. When I think Peru, I think advanced engineering in architecture and mechanics :-P And flutes. It's probably primarily used for flute design actually lol.
    • by rtb61 (674572)

      More likely that it is a fishing expedition and they really are after engineering documentation and technical drawings of a more secret kind. Building plans might have some useful bits to copy but are likely to attract the kind of skills to create the worm. This could very well be just the first version. M$ windows and the applications running on top of it seem to have become the vector for wide ranging worms, viruses and trojans released by government espionage agencies running Linux ie they are safe scre

  • by microbee (682094) on Monday June 25, 2012 @08:46PM (#40447231)

    Just arrest all LISP programmers and beat them up until they talk. There aren't many anyways.

    • by Charliemopps (1157495) on Monday June 25, 2012 @09:26PM (#40447541)
      If you count all the custom versions of LISP out there used for scripting inside other applications I think you'd be rather surprised just how many LISP programmers there are. Half of them probably don't even know what they're writing in is based on LISP.
    • There aren't many anyways

      Clojure is becoming pretty popular these days, and there are plenty of not-so-trendy places where you see Scheme and Common Lisp being used. Also, do not forget that a certain widely used text editor is mostly written in Lisp, and that there are plenty of developers working on that editor.

      Oh, yeah, and AutoCAD macros, but I am not sure how many people are writing those...

      • by dbIII (701233)

        Oh, yeah, and AutoCAD macros, but I am not sure how many people are writing those

        It used to be a major selling point of AutoCAD and why I hated using the light version where repetitive tasks couldn't be automated (I even imported data from spreadsheets and did decent graphs in CAD instead of the shit line graphs in MS Excel at the time). Then I just got used to not doing macros, and moved on to use other CAD that was not as shitty as AutoCAD LT. Now python has some DXF functions so you can do things to expo

    • by Cow Jones (615566)
      Just arrest all LISP programmers and beat them up until they Smalltalk.
  • by FudRucker (866063) on Monday June 25, 2012 @09:19PM (#40447479)
    use the email addresses to send flawed data to china so they end up trying to build impossible things like what is found in Escher's drawings
    • by bmo (77928) on Monday June 25, 2012 @09:54PM (#40447775)

      But then they will be building the impossible while we only build the possible. They will have assumed that we have working Poiuyts and attempt to build them themselves, not knowing that they don't work. The biggest problem in not getting something done is assuming it can't be done. The Chinese will assume it can be done, and do it.

      We will then be having generals and captains of industry bemoaning the Poiuyt Gap, which must be closed and we will spend trillions building Poiuyts.

      --
      BMO - What, me worry?

  • by Artifakt (700173) on Monday June 25, 2012 @09:24PM (#40447529)

    A brand new install of Autocad costs $3,995 and up. It produces files that have a distinctive extension, making them easy to identify and to tell from other types of documents without even having to examine internal code. Any file produced by a legal autocad install was made by somebody who paid serious money to be able to do so. Ergo, if someone can harvest a thousand Autocad files at random, a high proportion of them will be of valuable, useful stuff.

    Fighting warez sites distributing Autocad means, if the company is successful, a higher percentage of the documents made with it will be the valuable stuff. At 4K a legitimate copy, actually stopping a high percentage of 'pirates' means increasing the danger to your own legitimate users.

    If going through 10,000 autocad documents means finding, say, a dozen new patent filings and diagrams, two trade secret process designs for million dollar product lines, a few architectural blueprint packages, and such, it becomes worth a government paying a programming team to write the software and putting three or four fulltime engineers and a few technicians on just evaluating those documents for the 'good' ones. If there were a thousand bootleg copies of the software for every legitimate one, that government might not bother to go through 10 million documents for about the same haul, as most of the bootleg copies won't be producing anything worth that much.

    • by trout007 (975317) on Monday June 25, 2012 @09:31PM (#40447589)

      AutoCAD isn't used by too many serious mechanical engineers anymore. We have moved to parametric CAD like Solid Works, Pro/E, CATIA, etc. Structural Engineers use programs like STAAD that have tools for compiling with structural steel standards. I do know some people that still use AutoCAD for schematic work.

      • by mbkennel (97636)

        ah, that makes it so much more espionage proof.

      • by WCVanHorne (897068) on Monday June 25, 2012 @10:15PM (#40447911)
        Well in manufacturing you may be correct but in construction AutoDesk is still a top dog.
        • by Anonymous Coward

          I'm in the construction field (architecture more specifically), and we left AutoCAD years ago for more advanced BIM software. And I'm in a part of the country that is somewhat behind our industry curve.

          AutoCad is far from top dog. Compared to tools like Revit, it is just a dog. I'll never go back.

          • by GigaplexNZ (1233886) on Tuesday June 26, 2012 @03:08AM (#40449597)

            Well in manufacturing you may be correct but in construction AutoDesk is still a top dog.

            AutoCad is far from top dog. Compared to tools like Revit, it is just a dog. I'll never go back.

            Revit is made by Autodesk.

            • by cawpin (875453)
              While you are all correct, AutoCAD is no longer used by mechanical engineering nearly as much as it used to be, it is still widely used in other fields. Specifically, the electrical diagramming add-ons are very much still used for schematics. Plant floor plans are also a big part of its use as 3D isn't a necessary part.
            • by EnsilZah (575600)

              Gotta love Autodesk, they're so committed to customer choice they have like three competing products in each category.

      • architects (Score:5, Insightful)

        by rubycodez (864176) on Monday June 25, 2012 @10:16PM (#40447913)

        what the Chinese will mostly get is many, many house floorplans, elevations and reflected ceiling plans

        • The Chinese do do a lot of copycat architecture [nationalgeographic.com], model cities after other famous locations, etc. It is strangely plausible that this could actually be some kind of art heist. . . .

        • what the Chinese will mostly get is many, many house floorplans, elevations and reflected ceiling plans

          And of course, lacking human resource to take the time to peruse the captured information they'll just throw their hands up and say 'Oh well I guess it's not worth stealing 100,000 designs to get one or two really good ones..." /ironyoff

        • by ledow (319597)

          The only person I know who actually owns a copy of AutoCAD is an interior designer.

          Good luck lifting all those living-room designs. I think the inbox associated with the worm overflowed for a reason - nobody ever bothered to check it after the first several million examples, samples, minor designs and things totally uninteresting to anyone but the person who made the files (e.g. a house plan of some unknown suburban semi so they could see where the sofa could fit).

    • by AK Marc (707885)
      That, and AutoCAD where I worked last where there was an official install (with the retail price you mention, many pirate), you'd have ended up with useless GIS data that's kept in AutoCAD because ESRI costs more, and every GIS document generated was public knowledge and available from the city. It was mostly telephone pole locations for a telecom.
    • I'm a bit surprised that it is worth it though. The vast majority of autocad drawings are really boring - building layouts, miscellaneous machine parts etc. It would be very labor intensive to go through zillions of stolen drawings to try to figure out which ones were actually valuable.

      OTOH, this could be a sort of demonstration run. Once they find out how to quietly steal drawings, they might be able to modify the code to look for specific drawings from specific companies or government sites. They might be

      • by Hillgiant (916436)

        I'm a bit surprised that it is worth it though. The vast majority of autocad drawings are really boring ... miscellaneous machine parts etc

        Do you have ANY idea how much margin there is in spare parts? I have worked at several companies that lose money on the front end and make it up on scheduled maintenance. Hence our big customers are constantly badgering us for "detailed part drawings" of sub components. They can ask, and they can get politely refused. I.e. "You paid for the machine, you did not pay for the engineering that went into it. Otherwise the price would have been 2-3 orders of magnitude higher." or, somewhat less adroitly "No

    • If there were a thousand bootleg copies of the software for every legitimate one, that government might not bother to go through 10 million documents for about the same haul, as most of the bootleg copies won't be producing anything worth that much.

      Wait, so the problem is that the Chinese are stealing people's blueprints, and your "solution" is to have people steal software? That's got to be the most twisted defense of piracy I've ever seen. I mean, if it's morally acceptable to take a piece of software that retails for $4000 without paying for it, then isn't it also morally acceptable for the Chinese to steal those blueprints? If it's okay to steal software, movies, and music because "information wants to be free" then it's okay for the Chinese to, sa

      • Wait, so the problem is that the Chinese are stealing people's blueprints, and your "solution" is to have people steal software? That's got to be the most twisted defense of piracy I've ever seen. I mean, if it's morally acceptable to take a piece of software that retails for $4000 without paying for it, then isn't it also morally acceptable for the Chinese to steal those blueprints?

        Actually, the first action is unlikely to significantly reduce Autodesk's revenues, however, the second action plus Chinese companies selling cheaper knock-offs of your stuff can put your engineering company out of business. So if you're pragmatic, yes, the GP is on to something here.

  • "Security researchers have come across a worm that is meant specifically to steal .. files created with the AutoCAD software. The worm, known as ACAD/Medre.A, is spreading through infected AutoCAD templates .. ACAD/Medre.A was written in AutoLISP, a specialized version of the LISP scripting language that's used in AutoCAD".

    Does this 'worm` run on any other system except Microsoft Windows?
  • If you are infected with this, please please make bogus plans for exotic weapons, marital aides and artistic expressions.

    Please salt those wounds!

  • LISP is not a scripting language.

    -------

    My other car is a cdr.
    • by dbIII (701233)
      AutoLISP is from memory. It got a very shitty reputation because on the early implementations in AutoCAD (some of which I had the misfortune of using), the parser was very sensitive to whitespace and had a few other little quirks. That meant that sometimes a script wouldn't run until you deleted a line and retyped in the same human readable text - so debugging was very time consuming. I attempted to write a 3D drawing to G-code converter in it as part of a University CAD subject in 1988 (feed in dra
  • Blueprints? (Score:5, Funny)

    by BobandMax (95054) on Monday June 25, 2012 @11:32PM (#40448399)

    If it can steal blueprints, that is one sophisticated piece of software. It would have to fold them, stuff and seal envelopes, calculate and affix postage and deposit them in the outgoing mail. Wow!

  • by Aryeh Goretsky (129230) on Tuesday June 26, 2012 @01:33AM (#40449173) Homepage

    Hello,

    Somewhat surprised to see that the original research on the worm by ESET has not been mentioned yet on Slashdot. For all those who are interested, here it is:

    From speaking with some of the ESET folks involved in the above, it seems there may be additional details forthcoming.

    Regards,

    Aryeh Goretsky

    • Hello,

      Somewhat surprised to see that the original research on the worm by ESET has not been mentioned yet on Slashdot. For all those who are interested, here it is:

      From speaking with some of the ESET folks involved in the above, it seems there may be additional details forthcoming.

      Regards,

      Aryeh Goretsky

      Thanks for this..up until your post I actually thought it was called Merde.A...

    • by tinkerton (199273)

      I checked the technical analysis document: the file involved is a fas file, that is compiled lisp. It's called acad.fas, maybe this increases the chances it gets executed automatically. The source in this case is a mixture of vbs and lisp, probably the lisp file writes vbs scripts.

      Although the malware is written in AutoLISP, its main functions are carried out by Visual Basic Scripts, which are dropped and executed by the VBS interpreter built in Windows. This is shown in the following code snippet, where the V

      • by tinkerton (199273)

        Yes, an acad.fas file next to a drawing will be loaded automatically if you open the drawing by doubleclicking on it.
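
Added example, not part of the thread or of ESET's analysis: a defender-side sweep built on the behaviour described in the comment above, listing every folder where a file named acad.fas sits beside drawings. The function names, the constructed sample tree and the choice to hash each hit are assumptions made for this illustration.

```python
import hashlib
import os
import tempfile

# Only acad.fas is named in the thread; the set is a parameter so other
# start-up file names can be added for a given environment (assumption).
AUTOLOAD_NAMES = {"acad.fas"}
DRAWING_EXTS = {".dwg"}


def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_colocated_autoload(root, names=AUTOLOAD_NAMES, drawing_exts=DRAWING_EXTS):
    """Return one finding per auto-load file that shares a folder with drawings."""
    wanted = {n.lower() for n in names}      # Windows file names are case-insensitive
    exts = {e.lower() for e in drawing_exts}
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        drawings = sorted(f for f in files
                          if os.path.splitext(f)[1].lower() in exts)
        if not drawings:
            continue  # a copy with no drawing beside it is not this pattern
        for name in sorted(files):
            if name.lower() not in wanted:
                continue
            full = os.path.join(dirpath, name)
            info = os.stat(full)
            findings.append({
                "path": full,
                "drawings": drawings,        # drawings that would load it when opened
                "size": info.st_size,
                "mtime": info.st_mtime,
                "sha256": sha256_of(full),   # for comparison against a known-good copy
            })
    return findings


# Constructed sample content; it is not a real FAS file.
SAMPLE_BYTES = b"constructed placeholder bytes, not a real FAS file"


def build_demo_tree(root):
    """Create a constructed sample tree for the demonstration."""
    layout = {
        "projects/site_a/plan.dwg": b"",
        "projects/site_a/elevation.DWG": b"",
        "projects/site_a/ACAD.FAS": SAMPLE_BYTES,   # beside drawings: reported
        "projects/site_b/only.dwg": b"",            # drawings only: clean
        "support/acad.fas": SAMPLE_BYTES,           # no drawing beside it
    }
    for rel, data in layout.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        build_demo_tree(demo)
        for hit in find_colocated_autoload(demo):
            print(hit["path"], hit["sha256"], len(hit["drawings"]), "drawing(s)")
```

A hit is a lead for triage rather than a verdict, since a site may place its own acad.fas in a project folder on purpose; the hash and timestamp are there to compare against what was deployed.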

  • Maybe it's just some local corporate espionage using Chinese mailboxes to cover their tracks.
    • by FhnuZoag (875558)

      Yeah. The only connection to China is that the email accounts are on 163.com and qq.com, popular Chinese free email providers. But anyone can set up an account on these websites, in any country. Just go to e.g. http://reg.email.163.com/mailregAll/reg0.jsp?from=163mail [163.com] , type in the email address and password you want, and voilà. The toughest part would probably be the Chinese-language captcha, but that's not impossible to get through with a handwriting IME, even if you don't know Chinese.

  • This is not the first time AutoCAD has been hit. If I remember correctly, this problem also had some links to China. http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112&id=13717811&linkID=9240617 [autodesk.com]
  • you see, we actually WANT you to share blueprints and designs.