Feeds

Autocad attacks return after four years in wilderness

The virus makes a comeback

Top three mobile application threats

Viruses attacking users of the Autocad computer assisted design application have recently resurfaced after taking a four-year hiatus, prompting a call from one security watcher for more to be done to done to prevent such outbreaks.

And indeed, that's exactly what Autodesk, the California-based maker of the high-end program, has pledged to do.

Over the past few weeks, Sophos Senior Threat Researcher Paul Baccas has spotted two viruses that target Autocad. One of them, dubbed AL/Utax-A, attempts to create new users, a sign that the virus writers are acting out of malicious intent, he said. A newer pest called AL/Logo-A is more of a nuisance. According to an analysis that isn't yet complete, it copies itself to Autocad files, but it isn't believed to modify or delete any data.

To be sure, the resurgence is small, but Baccas says it highlights a very real vulnerability in Autocad and other applications that employ user-generated scripts to automate repetitive tasks. While Microsoft made significant changes to its Office 2007 to blunt the threat of macro-borne attacks, many other application makers have yet to follow suit.

"It's always good for developers to think about security and security holes, especially if they are providing an automated scripting language to automate tasks," Baccas told The Register. "I would like to talk to people from Autodesk about this problem."

Autocad developers are already on the case, said Noah Cole, a senior communications manager at Autodesk. The next version of the program will be redesigned so scripts are loaded in a "more secure and trusted manner," he said.

The most recently discovered virus spreads through a scripting file called acad.vlx, which is transmitted when designers exchange their work. Once it's on a user's machine, it gets loaded each time Autocad is started. Similar Autocad viruses were reported in 2005, but have largely been dormant since then.

Sophos and most other anti-virus programs detect the viruses, Cole said.

More about the viruses is here and here. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Canadian taxman says hundreds pierced by Heartbleed SSL skewer
900 social insurance numbers nicked, says revenue watchman
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
Burnt out on patches this month? Oracle's got 104 MORE fixes for you
Mass patch for issues across its software catalog
Reddit users discover iOS malware threat
'Unflod Baby Panda' looks to snatch Apple IDs
Oracle working on at least 13 Heartbleed fixes
Big Red's cloud is safe and Oracle Linux 6 has been patched, but Java has some issues
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.