Report: Espionage malware sends data to China

Summary: Dubbed ACAD/Medre.A, malware targets AutoCAD software, steals and sends files to e-mail accounts located in China, says security vendor ESET, which is working with Chinese firms to prevent further harvesting of data.

ESET security researchers have discovered an espionage worm, believed to have originated from China, that targets AutoCAD software and steals files.

According to the security vendor in a blog post Thursday, "tens of thousands" of AutoCAD blueprints had been leaked by the malware, called ACAD/Medre.A, which steals files and sends them to e-mail accounts located in China. This led the security vendor to conclude the malware was likely designed for industrial espionage.

ESET added that it was working with Chinese Internet service provider (ISP) Tencent, the Chinese National Computer Virus Emergency Response Center, and Autodesk, the creator of AutoCAD, to stop the harvesting of blueprints by blocking e-mail accounts associated with the stolen data.

The malware infects AutoCAD by modifying native startup files and employing Visual Basic Scripts executed using the Wscript.exe interpreter integrated into the Windows operating system, Righard Zwienenberg, senior research fellow at ESET, explained in the blog post. After some configuration, the malware sends AutoCAD blueprints through e-mail to a recipient with an e-mail account at Chinese Internet provider 163.com, and will do the same using 22 other accounts on 163.com and 21 accounts at qq.com, Zwienenberg added.

"ACAD/Medre.A represents a serious example of industrial espionage," he said. "Every new design is sent automatically to the operator of this malware. Needless to say, this can cost the legitimate owner of the intellectual property a lot of money as the cybercriminals have access to the designs even before they go into production."

Business users in Peru were the main victims of the attack, though the malware also surfaced in other parts of South America, ESET noted. A high number of infections was observed in the country, where the malware had disguised itself as AutoCAD files and was distributed to companies conducting business within Peru's public sector, the security company noted. As such, organizations in Peru might have been the primary target of ACAD/Medre.A operators, it added.

Ellyne Phneah

About Ellyne Phneah

Elly grew up on the adrenaline of crime fiction and it spurred her interest in cybercrime, privacy and the terror on the dark side of IT. At ZDNet Asia, she has made it her mission to warn readers of upcoming security threats, while also covering other tech issues.
