AutoCAD Worm Medre.A Stealing Designs, Blueprints
Trailrunner7 writes, quoting Threat Post: "Security researchers have come across a worm that is meant specifically to steal blueprints, design documents and other files created with the AutoCAD software. The worm, known as ACAD/Medre.A, is spreading through infected AutoCAD templates and is sending tens of thousands of stolen documents to email addresses in China. However, experts say that the worm's infection rates are dropping at this point and it doesn't seem to be part of a targeted attack campaign. ... [They] discovered that not only was the worm highly customized and well-constructed, it seemed to be targeting mostly machines in Peru for some reason. ... They found that ACAD/Medre.A was written in AutoLISP, a specialized version of the LISP scripting language that's used in AutoCAD."
I vote we call it Bawney Fwank (Score:4, Funny)
also Autodesk software needs local admin to run ri (Score:5, Interesting)
also most Autodesk software needs local admin to run right or at least the older ver of it did.
Re: (Score:2)
Well my copy of 2012 does, otherwise it won't work at all. I don't know if 2013 does. Maybe someone whose company has sprung for the new version can chime in. Nothing like "gaping ass wide security hole" to make your day is there? Err never mind...that could probably lead to a 13 year old joke.
Re: (Score:3)
I'm going to ball CS, I install Autocad for many of my customer's users, and I haven't needed to give them admin privileges since version 2007 I think.
Re: (Score:2)
Or does AutoCAD have some horrible DRM system that would get in the way of that approach?
auto cad needs a better then video card (Score:5, Informative)
AutoCAD needs a better video card than what most VMs have. It can also use a lot of CPU power.
Re: (Score:2)
The problem is that people don't expect that they have to pay that close attention to what they're buying to make sure they get all the features. You would think that buying an i7, which is Intel's top of the line desktop chip, would mean it would include all the features of the lower end desktop chips. But that's not always the case.
Re: (Score:3)
It may have taken a second or two to redraw shaded views, but CPU speeds were never a real issue.
The biggest problems back then were network problems. "Network going down!" was a common scream around the body design shop and everyone rushed to save their work.
Solid modelling was done on the same Spark stations in 1999. Once again, no real problems with the hardware.
I miss Solaris. As a young man, I couldn't believe we
Re: (Score:2)
Solaris, where simple things like pressing the up arrow in the terminal don't work (or was it tab completion, one of the two, don't remember which).
Solaris is like Linux, except that everything is a little worse.
Maybe back in those days you mentioned it was good compared to the rest then... But maybe today it's still like it was in 1992 or so?
Re: (Score:3)
The lack of arrows and broken tab completion was a problem with ksh, no matter what Unix variant you ran it on. Ksh can be fixed to provide both features using some hacks in your kshrc, but they aren't obvious. Or, you can just use bash like you do on Linux.
Of course, the version of bash on Solaris 10 is ancient, but that's a consequence of the philosophy of "if it isn't broke, don't fix it." This philosophy pervades the entire toolchain and the core libraries. This focus on stability is great for serve
Re: (Score:2)
Option 2 for the win
Re: (Score:2)
A friend of mine told me about a studio he worked for where they got explicit permission from Autodesk to use cracks for Maya so they wouldn't have to deal with the copy protection.
Re: (Score:3)
also most Autodesk software needs local admin to run right or at least the older ver of it did.
AutoCAD 2013 (and 2012, and at least a few more versions back) run fine without admin rights. It helps to have write permissions opened up on various AutoCad folders (Program Files\AutoDesk, ProgramData\Autodesk, etc.) to allow for customization, but the application will run fine. Admin rights are only needed at the time of initial installation.
can we stop calling it stealing (Score:4, Funny)
It's just sharing. Information wants to be free! Remember?
Re: (Score:1, Insightful)
It's just sharing. Information wants to be free! Remember?
On slashdot, information wants to be free and there's no such thing as intellectual property when it's the RIAA or MPAA. When it's someone we like, then the group think is very, very different. Suddenly, artificial scarcity is fine, it's wrong to copy someone else's creation against their will.
Re:can we stop calling it stealing (Score:5, Insightful)
OK, don't feed the trolls, but here goes anyway:
There's a bit of a difference: The AutoCAD drawings being stolen were (presumably) never meant to be released to the public. It could very well be theft, as in theft of trade-secret or such. Piracy never enters into it, as it's not a publicly-sold copyrighted work.
You generally don't walk up to an engineering firm and ask to browse their drawings catalog and then offer to buy one. If you somehow did manage to buy a drawing, and if said drawing were copyrighted, and you then turned around and started selling copies of that drawing to others, then that would be piracy (and not theft).
Theft of corporate secrets is indeed theft, since the original owners no longer have the secrets. The "secrecy" part of it is forever gone, even if the drawings remain. The economic loss is easily much, much greater than the corresponding loss due to piracy, namely of one potential sale of a copyrighted work that's otherwise generally available.
Re: (Score:1)
if said drawing were copyrighted, and you then turned around and started selling copies of that drawing to others, then that would be piracy (and not theft).
From Wikipedia, the free encyclopedia:
"Piracy is an act of robbery or criminal violence at sea. "
the RIAA or MPAA have not only coluded your civil rights already, they aren't only a serious threat for your freedom of speech, they have already hijacked your language, thus effectively manipulating and screwing your thinking. sad.
Re: (Score:1)
if said drawing were copyrighted, and you then turned around and started selling copies of that drawing to others, then that would be piracy (and not theft).
From Wikipedia, the free encyclopedia: "Piracy is an act of robbery or criminal violence at sea. "
the RIAA or MPAA have not only coluded your civil rights already, they aren't only a serious threat for your freedom of speech, they have already hijacked your language, thus effectively manipulating and screwing your thinking. sad.
OK, that is very selective copying from Wikipedia, and it doesn't help our cause to become the FUD side. Not only does Wikipedia have a list [wikipedia.org] of what piracy may also refer to, including copyright infringement, but it also tells you that the use of "piracy" in the context of copyright infringement dates back to 1603 [wikipedia.org] (a bit before RIAA/MPAA could "hijack the language") and has been a common term for this since, including in the 1886 Berne Convention [wikipedia.org].
Re: (Score:2)
Yarrr!
Re: (Score:2)
The AutoCAD drawings being stolen were (presumably) never meant to be released to the public
Pirated music was never made available to the public to download for free either.
I feel like there is a difference there. The act of "piracy" is one of taking something that was shared to you willingly (EG. a burnt CD from a friend), without paying a tithe to the owner of that "idea." Accessing someone's private information and taking it from them against their will seems much more morally reprehensible to me.
Re:can we stop calling it stealing (Score:5, Insightful)
The correct description of this is industrial espionage.
Re: (Score:2)
Are you sure about that? Under the Berne Convention, copyright is automatic, and is the original creator's exclusive right of copying. It shouldn't matter whether it's intended for publication or not.
Re: (Score:2)
Thanks. But if you don't have a clue about copyright law, why state your inane bullshit as facts?
Re: (Score:2)
Yes, but you still don't know anything about copyright law, and the U.S. has in fact enacted the Berne Convention since 1989. You don't have to repeat all that to prove, once again, that you know nothing about U.S. copyright law. Idiot.
Re: (Score:3)
On slashdot, information wants to be free and there's no such thing as intellectual property when it's the RIAA or MPAA.
Correct. There isn't a better example than The Oatmeal saga.
Re: (Score:3)
And we're supposed to feel bad about it. Do I have that right? We're supposed to feel bad?
Re: (Score:2)
Because there is a difference between independently duplicating published material and converting someone else's property for your use, getting their computer to publish materials to you in this case.
I and I expect many other Slashdot readers would argue the harm here is the using of a computer that does not belong to you to do something you have not been given permission to do. I also think exposing trade secrets and duplicating copyrighted works need to be thought about differently. In the case of copyri
Re:can we stop calling it stealing (Score:5, Funny)
The CADS. Have they no honour? (spelt this way 'cuz it looks better)
Re:can we stop calling it stealing (Score:5, Interesting)
there might be some truth [washingtontimes.com] to that:
LISP is so great (Score:5, Funny)
That it's finally expanded into the virus industry!
Re: (Score:1)
No... it has just become self aware, and is doing this on its own for reasons we cannot possibly comprehend.
Re: (Score:2)
P!
It is just so that they can re-create Peru (Score:3)
Why else would they take their designs?
It makes cloning villages much easier if you have the blue-prints.
I bet these guys http://idle.slashdot.org/story/12/06/22/0022251/china-pirates-austrian-village [slashdot.org] would have loved the blue-prints before they started
Re: (Score:2)
More likely that it is a fishing expedition and they really are after engineering documentation and technical drawings of a more secret kind. Building plans might have some useful bits to copy but are likely to attract the kind of skills to create the worm. This could very well be just the first version. M$ windows and the applications running on top of it seem to have become the vector for wide ranging worms, viruses and trojans released by government espionage agencies running Linux ie they are safe scre
Easy to track down (Score:5, Funny)
Just arrest all LISP programmers and beat them up until they talk. There aren't many anyways.
Re: (Score:3)
There aren't many anyways
Clojure is becoming pretty popular these days, and there are plenty of not-so-trendy places where you see Scheme and Common Lisp being used. Also, do not forget that a certain widely used text editor is mostly written in Lisp, and that there are plenty of developers working on that editor.
Oh, yeah, and AutoCAD macros, but I am not sure how many people are writing those...
Re: (Score:2)
It used to be a major selling point of AutoCAD and why I hated using the light version where repetitive tasks couldn't be automated (I even imported data from spreadsheets and did decent graphs in CAD instead of the shit line graphs in MS Excel at the time). Then I just got used to not doing macros, and moved on to use other CAD that was not as shitty as AutoCAD LT. Now python has some DXF functions so you can do things to expo
this would be a good time to send flawed data (Score:5, Funny)
The Coming Poiuyt Gap. (Score:4, Funny)
But then they will be building the impossible while we only build the possible. They will have assumed that we have working Poiuyts and attempt to build them themselves, not knowing that they don't work. The biggest problem in not getting something done is assuming it can't be done. The Chinese will assume it can be done, and do it.
We will then be having generals and captains of industry bemoaning the Poiuyt Gap, which must be closed and we will spend trillions building Poiuyts.
--
BMO - What, me worry?
Re: (Score:3)
nope
Re: (Score:1)
I know. that guy must NOT like chinese poontang. racist asshole.
The Law of Unexpected consequences (Score:5, Interesting)
A brand new install of Autocad costs $3,995 and up. It produces files that have a distinctive extension, making them easy to identify and to tell from other types of documents without even having to examine internal code. Any file produced by a legal autocad install was made by somebody who paid serious money to be able to do so. Ergo, if someone can harvest a thousand Autocad files at random, a high proportion of them will be of valuable, useful stuff.
Fighting warez sites distributing Autocad means, if the company is successful, a higher percentage of the documents made with it will be the valuable stuff. At 4K a legitimate copy, actually stopping a high percentage of 'pirates' means increasing the danger to your own legitimate users.
If going through 10,000 autocad documents means finding, say, a dozen new patent filings and diagrams, two trade secret process designs for million dollar product lines, a few architectural blueprint packages, and such, it becomes worth a government paying a programming team to write the software and putting three or four fulltime engineers and a few technicians on just evaluating those documents for the 'good' ones. If there were a thousand bootleg copies of the software for every legitimate one, that government might not bother to go through 10 million documents for about the same haul, as most of the bootleg copies won't be producing anything worth that much.
Re:The Law of Unexpected consequences (Score:5, Informative)
AutoCAD isn't used by too many serious mechanical engineers anymore. We have moved to parametric CAD like Solid Works, Pro/E, CATIA, etc. Structural Engineers use programs like STAAD that have tools for compiling with structural steel standards. I do know some people that still use AutoCAD for schematic work.
Re: (Score:2)
ah, that makes it so much more espionage proof.
Re: (Score:1)
I'm in the construction field (architecture more specifically), and we left AutoCAD years ago for more advanced BIM software. And I'm in a part of the country that is somewhat behind our industry curve.
AutoCad is far from top dog. Compared to tools like Revit, it is just a dog. I'll never go back.
Re:The Law of Unexpected consequences (Score:5, Informative)
Well in manufacturing you may be correct but in construction AutoDesk is still a top dog.
AutoCad is far from top dog. Compared to tools like Revit, it is just a dog. I'll never go back.
Revit is made by Autodesk.
Re: (Score:2)
Gotta love Autodesk, they're so committed to customer choice they have like three competing products in each category.
architects (Score:5, Insightful)
what the Chinese will mostly get is many, many house floorplans, elevations and reflected ceiling plans
Re: (Score:2)
The Chinese do do a lot of copycat architecture [nationalgeographic.com], model cities after other famous locations, etc. It is strangely plausible that this could actually be some kind of art heist. . . .
Re: (Score:2)
what the Chinese will mostly get is many, many house floorplans, elevations and reflected ceiling plans
And of course, lacking human resource to take the time to peruse the captured information they'll just throw their hands up and say 'Oh well I guess it's not worth stealing 100,000 designs to get one or two really good ones...' /ironyoff
Re: (Score:2)
The only person I know who actually owns a copy of AutoCAD is an interior designer.
Good luck lifting all those living-room designs. I think the inbox associated with the worm overflowed for a reason - nobody ever bothered to check it after the first several million examples, samples, minor designs and things totally uninteresting to anyone but the person who made the files (e.g. a house plan of some unknown suburban semi so they could see where the sofa could fit).
Re: (Score:2)
I'm a bit surprised that it is worth it though. The vast majority of autocad drawings are really boring - building layouts, miscellaneous machine parts etc. It would be very labor intensive to go through zillions of stolen drawings to try to figure out which ones were actually valuable.
OTOH, this could be a sort of demonstration run. Once they find out how to quietly steal drawings, they might be able to modify the code to look for specific drawings from specific companies or government sites. They might be
Re: (Score:2)
I'm a bit surprised that it is worth it though. The vast majority of autocad drawings are really boring ... miscellaneous machine parts etc
Do you have ANY idea how much margin there is in spare parts? I have worked at several companies that lose money on the front end and make it up on scheduled maintenance. Hence our big customers are constantly badgering us for "detailed part drawings" of sub components. They can ask, and they can get politely refused. I.e. "You paid for the machine, you did not pay for the engineering that went into it. Otherwise the price would have been 2-3 orders of magnitude higher." or, somewhat less adroitly "No
Re: (Score:2)
If there were a thousand bootleg copies of the software for every legitimate one, that government might not bother to go through 10 million documents for about the same haul, as most of the bootleg copies won't be producing anything worth that much.
Wait, so the problem is that the Chinese are stealing people's blueprints, and your "solution" is to have people steal software? That's got to be the most twisted defense of piracy I've ever seen. I mean, if it's morally acceptable to take a piece of software that retails for $4000 without paying for it, then isn't it also morally acceptable for the Chinese to steal those blueprints? If it's okay to steal software, movies, and music because "information wants to be free" then it's okay for the Chinese to, sa
Re: (Score:2)
Wait, so the problem is that the Chinese are stealing people's blueprints, and your "solution" is to have people steal software? That's got to be the most twisted defense of piracy I've ever seen. I mean, if it's morally acceptable to take a piece of software that retails for $4000 without paying for it, then isn't it also morally acceptable for the Chinese to steal those blueprints?
Actually, the first action is unlikely to significantly reduce Autodesk's revenues, however, the second action plus Chinese companies selling cheaper knock-offs of your stuff can put your engineering company out of business. So if you're pragmatic, yes, the GP is on to something here.
Worm targets Windows machines .. (Score:1)
Does this 'worm' run on any other system except Microsoft Windows?
Oh people, please make bogus AutoCAD plans! (Score:1)
If you are infected with this, please please make bogus plans for exotic weapons, marital aides and artistic expressions.
Please salt those wounds!
Ahem (Score:2)
-------
My other car is a cdr.
Blueprints? (Score:5, Funny)
If it can steal blueprints, that is one sophisticated piece of software. It would have to fold them, stuff and seal envelopes, calculate and affix postage and deposit them in the outgoing mail. Wow!
Original research on ACAD/Medre.A at ESET's web si (Score:5, Informative)
Hello,
Somewhat surprised to see that the original research on the worm by ESET has not been mentioned yet on Slashdot. For all those who are interested, here it is:
From speaking with some of the ESET folks involved in the above, it seems there may be additional details forthcoming.
Regards,
Aryeh Goretsky
Re: (Score:2)
Hello,
Somewhat surprised to see that the original research on the worm by ESET has not been mentioned yet on Slashdot. For all those who are interested, here it is:
From speaking with some of the ESET folks involved in the above, it seems there may be additional details forthcoming.
Regards,
Aryeh Goretsky
Thanks for this..up until your post I actually thought it was called Merde.A...
Re: (Score:2)
I checked the technical analysis document: the file involved is a fas file, that is compiled lisp. It's called acad.fas, maybe this increases the chances it gets executed automatically. The source in this case is a mixture of vbs and lisp, probably the lisp file writes vbs scripts.
Re: (Score:2)
Yes, an acad.fas file next to a drawing will be loaded automatically if you open the drawing by doubleclicking on it.
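A defensive check for the autoload behaviour described in the two comments above, as an added example that is not part of the original thread or of ESET's analysis: it walks a file share and reports startup-script files sitting in the same folder as drawings, with a hash for triage. Only `acad.fas` comes from the thread; the other file names, the drawing extensions and the `approved_hashes` allowlist are assumptions introduced here.

```python
import hashlib
import os
from pathlib import Path

# acad.fas is the file named in the thread. The other names are an assumption
# added here: AutoCAD's other documented auto-loaded startup files.
STARTUP_NAMES = {"acad.fas", "acad.lsp", "acad.vlx",
                 "acaddoc.fas", "acaddoc.lsp", "acaddoc.vlx"}
# Drawings, templates and DXF exchange files.
DRAWING_EXTS = {".dwg", ".dwt", ".dxf"}


def sha256_of(path):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_startup_files(root, approved_hashes=frozenset()):
    """Report startup scripts that sit in the same folder as drawing files.

    approved_hashes holds SHA-256 digests of startup files the CAD admins
    deployed on purpose; anything else next to a drawing needs review.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        drawings = [f for f in files if Path(f).suffix.lower() in DRAWING_EXTS]
        if not drawings:
            continue  # a startup file with no drawing beside it is out of scope
        for name in files:
            if name.lower() not in STARTUP_NAMES:  # Windows names ignore case
                continue
            full = Path(dirpath) / name
            digest = sha256_of(full)
            findings.append({
                "path": str(full),
                "sha256": digest,
                "size": full.stat().st_size,
                "drawings_in_folder": len(drawings),
                "approved": digest in approved_hashes,
            })
    return sorted(findings, key=lambda f: f["path"])


if __name__ == "__main__":
    import sys
    import tempfile

    with tempfile.TemporaryDirectory() as tmp:
        if len(sys.argv) > 1:
            root = Path(sys.argv[1])
        else:
            # Constructed sample tree so the script runs offline with no arguments.
            root = Path(tmp)
            (root / "project").mkdir()
            (root / "project" / "site-plan.dwg").write_bytes(b"constructed drawing")
            (root / "project" / "acad.fas").write_bytes(b"constructed FAS bytes")
        for f in find_startup_files(root):
            state = "approved" if f["approved"] else "REVIEW"
            print(f"{state}  {f['path']}  sha256={f['sha256']}  size={f['size']}")
```

Run it with a share or project root as the only argument; unapproved hits are candidates for quarantine and for comparison against the hashes of known-good startup files.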
Chinese mailboxes neq China (Score:2)
Re: (Score:2)
Yeah. The only connection to China is that the email accounts are on 163.com and qq.com, popular Chinese free email providers. But anyone can set up an account on these websites, in any country. Just go to e.g. http://reg.email.163.com/mailregAll/reg0.jsp?from=163mail [163.com] , type in the email address and password you want, and voilà. The toughest part would probably be the Chinese-language captcha, but that's not impossible to get through with a handwriting IME, even if you don't know Chinese.
Not the First Time (Score:1)
thingiverse does not have this problem (Score:2)
you see, we actually WANT you to share blueprints and designs.
Re: (Score:2)
I'm SHOCKED that Chinese email addresses seem to be involved. SHOCKED... and we will continue to do business with these lying cheating bastards who are waging economic warfare with the US until we send our last dollar there.
Um, this is an attack on Peru, not the US. You can calm down now. Besides, haven't you ever heard of hosted servers? They can be leased anywhere in the world, and China would be a great place to get one because they aren't likely to sell you out without large amounts of money being involved.
Re: (Score:2)
The evidence here that points to China seems about as strong as claiming a scam using Gmail means it's by the US. I.e. not at all.
Re: (Score:2)
Here you go, after five minutes of fiddling:
slashdot1234@163.com
password: qwerty
There, go log in at http://mail.163.com/ [163.com] . Now you too can be (allegedly) a Chinese super hacker!