Feeds

Autocad attacks return after four years in wilderness

The virus makes a comeback

SANS - Survey on application security programs

Viruses attacking users of the Autocad computer assisted design application have recently resurfaced after taking a four-year hiatus, prompting a call from one security watcher for more to be done to done to prevent such outbreaks.

And indeed, that's exactly what Autodesk, the California-based maker of the high-end program, has pledged to do.

Over the past few weeks, Sophos Senior Threat Researcher Paul Baccas has spotted two viruses that target Autocad. One of them, dubbed AL/Utax-A, attempts to create new users, a sign that the virus writers are acting out of malicious intent, he said. A newer pest called AL/Logo-A is more of a nuisance. According to an analysis that isn't yet complete, it copies itself to Autocad files, but it isn't believed to modify or delete any data.

To be sure, the resurgence is small, but Baccas says it highlights a very real vulnerability in Autocad and other applications that employ user-generated scripts to automate repetitive tasks. While Microsoft made significant changes to its Office 2007 to blunt the threat of macro-borne attacks, many other application makers have yet to follow suit.

"It's always good for developers to think about security and security holes, especially if they are providing an automated scripting language to automate tasks," Baccas told The Register. "I would like to talk to people from Autodesk about this problem."

Autocad developers are already on the case, said Noah Cole, a senior communications manager at Autodesk. The next version of the program will be redesigned so scripts are loaded in a "more secure and trusted manner," he said.

The most recently discovered virus spreads through a scripting file called acad.vlx, which is transmitted when designers exchange their work. Once it's on a user's machine, it gets loaded each time Autocad is started. Similar Autocad viruses were reported in 2005, but have largely been dormant since then.

Sophos and most other anti-virus programs detect the viruses, Cole said.

More about the viruses is here and here. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Arts and crafts store Michaels says 3 million credit cards exposed in breach
Meanwhile, Target investigators prepare for long process in nabbing hackers
Canadian taxman says hundreds pierced by Heartbleed SSL skewer
900 social insurance numbers nicked, says revenue watchman
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.