ESET has uncovered a worm that targets drawings created in AutoCAD, the computer-aided design and drafting software developed by Autodesk.
Known as ACAD/Medre.A, the worm recently showed a huge spike in Peru on ESET LiveGrid, a cloud-based malware collection system utilizing data from ESET users globally. Studies have shown that this worm steals files and then sends them to email accounts located in China. ESET has worked with the Chinese ISP Tencent, the Chinese National Computer Virus Emergency Response Center and Autodesk, the creator of AutoCAD, to stop the transmission of these files.
ESET has also confirmed that tens of thousands of AutoCAD drawings, predominantly from users in Peru and some from other Latin American countries, were being leaked at the time of discovery. The accounts used for relaying the emails with the drawings have since been blocked to prevent further leakage.
In Asia, there are some infections in China, Taiwan, Thailand, and Hong Kong, but the numbers are very small.
Users can download a free standalone cleaner by ESET.
Read on for the full press release.
BRATISLAVA - ESET has uncovered a worm that targets drawings created in AutoCAD software for computer-aided design (CAD). Recently the worm, ACAD/Medre.A, showed a big spike in Peru on ESET’s LiveGrid (a cloud-based malware collection system utilizing data from ESET users worldwide). ESET’s research shows that the worm steals files and sends them to email accounts located in China. ESET has worked with Chinese ISP Tencent, Chinese National Computer Virus Emergency Response Center and Autodesk, the creator of AutoCAD, to stop the transmission of these files. ESET confirms that tens of thousands of AutoCAD drawings, primarily from users in Peru, were leaking at the time of the discovery. ESET has made a free stand-alone cleaner available at http://download.eset.com/special/EACADMedreCleaner.exe
Upon the realization of the magnitude of this threat, ESET reached out to Tencent, the owner of the qq.com domain. ESET also established contact with Autodesk. Thanks to the swift actions of ESET and Tencent, the accounts used for relaying the e-mails with the drawings have been blocked and further leakage has been prevented.
ESET research teams around the globe have observed a small number of infections in other Latin American countries along with Peru. In addition, the high number of infections observed in Peru might also be explained by the fact that malware disguised as AutoCAD files may have been distributed to companies that were conducting business with public services in Peru. This leads us to think organizations in this country might have been the primary target of the ACAD/Medre.A operators. ESET is in contact with the local authorities to remediate the affected website.