Design file as attack vector for malware


#1

Per this article, it looks like there's been a sophisticated effort from at least four years ago in distributing malware via AutoCAD object files. It uses embedded .fas scripting attacks as part of the design package, bringing in the malware.

The probable reason would be corporate espionage and they're stealing designs. Since it's recently been discovered, it's difficult to estimate just how many files have been stolen from computers.


#2

My company, an architecture/engineering firm, have been fighting that fas virus forever it seems. Pretty sure it's been around longer than just 4 years.


#3

What did you guys do? Personally, I would have written something myself to scan the file if I did have a known sample.


#4

I wrote a custom script in AutoLISP that detects the known variants of acad.fas, etc. and deletes them when it finds them. We couldn't tell if it was actually doing anything, but it started to show in all our project folders where people were double-click opening their dwg files (still warn them against doing this anyway since it's not best practice). Then did a bunch of search and destroy mentions manually across the server/environment to try and get rid of them as much as possible. I guess now we know that it was spreading a trojan... which hopefully our other antivirus stuff is catching.
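
The kind of sweep described in #4, as an added example that is not the poster's AutoLISP script: it walks a project share, reports AutoCAD start-up files by name and hash, and moves the ones sitting beside drawings into a quarantine folder instead of deleting them. Only `acad.fas` comes from the thread; the other file names, and the function names, are assumptions. Legitimate customization files can use the same names, so each hit is a candidate to review.

```python
import hashlib
import os
import shutil
import sys

# Names AutoCAD treats as start-up files when found in the drawing's folder or
# support path. "acad.fas" is from the thread; the rest of the set is an
# assumption based on AutoCAD's documented auto-load names.
AUTOLOAD_NAMES = {"acad.lsp", "acad.fas", "acad.vlx",
                  "acaddoc.lsp", "acaddoc.fas", "acaddoc.vlx"}


def sha256_of(path):
    """Hash a (small) start-up file so a hit can be matched to a known sample."""
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def find_autoload_files(root):
    """Return one dict per start-up file under root; nothing is modified."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        has_dwg = any(n.lower().endswith(".dwg") for n in files)
        for name in files:
            if name.lower() in AUTOLOAD_NAMES:
                path = os.path.join(folder, name)
                hits.append({"path": path, "beside_dwg": has_dwg,
                             "sha256": sha256_of(path)})
    return sorted(hits, key=lambda h: h["path"])


def quarantine(hits, dest):
    """Move hits that sit beside drawings into dest; return the new paths."""
    os.makedirs(dest, exist_ok=True)
    moved = []
    for hit in hits:
        if hit["beside_dwg"]:
            name = hit["sha256"][:16] + "_" + os.path.basename(hit["path"])
            shutil.move(hit["path"], os.path.join(dest, name))
            moved.append(os.path.join(dest, name))
    return moved


if __name__ == "__main__":
    for hit in find_autoload_files(sys.argv[1] if len(sys.argv) > 1 else "."):
        where = "beside .dwg" if hit["beside_dwg"] else "no .dwg here"
        print(f'{hit["sha256"]}  {where:12}  {hit["path"]}')
```

Run stand-alone it only reports; `quarantine()` is called separately once the hits have been reviewed, and keeping the files by hash preserves samples for comparison.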