We all hear about, and sometimes experience, issues with computer viruses. Most of the time we think of the damage they can do to our computers – destroyed files, compromised operating systems – and of the obvious signs of infection, such as a computer that keeps freezing. It is easy to forget that some viruses can sneak up on you and ride your system for a while, and if you do not have a good anti-virus measure in place, you may not even be aware of the worm.
This scenario is very likely if your system has been infected with a spying Trojan. Case in point:
About this time last year, ESET announced that it had uncovered a worm that specifically targets AutoCAD design files. It comes in different variations, such as ACAD/Medre.A or AutoCAD Bourne. This year one of the variants of this virus slammed some design firms, as announced by the American Surveyor: “The Trojan appears to be non-destructive. Upon information and belief, its primary purpose is industrial espionage – at least one variant of this malware was designed to send copies of DWG files to a file sharing site in China, but that site was subsequently shut down… Perhaps more importantly you may be facilitating the unauthorized release of confidential client information.” – writes Donovan Hatem of the American Surveyor.
Not all anti-virus software detects the Trojan because it is embedded in a compiled AutoCAD LISP file named “acad.fas.” The file is locked and hidden.
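A read-only triage sketch for the indicator described above, added here as an example and not taken from ESET or the American Surveyor: it walks a directory tree and lists every file named acad.fas with its hidden and read-only flags. The function name `find_suspect_fas` and the reading of "locked" as the read-only attribute are assumptions; a hit is a lead to follow up with the removal procedure, not a verdict.

```python
import os
import sys

TARGET_NAME = "acad.fas"          # file name given in the article
FILE_ATTRIBUTE_READONLY = 0x1     # Windows file attribute bits
FILE_ATTRIBUTE_HIDDEN = 0x2


def find_suspect_fas(root):
    """Return one record per file named acad.fas (any case) under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != TARGET_NAME:
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # unreadable entry: skip rather than abort the scan
            # st_file_attributes exists only on Windows; use 0 elsewhere.
            attrs = getattr(st, "st_file_attributes", 0)
            hits.append({
                "path": path,
                "hidden": bool(attrs & FILE_ATTRIBUTE_HIDDEN),
                # Assumption: "locked" is approximated as read-only.
                "read_only": bool(attrs & FILE_ATTRIBUTE_READONLY)
                             or not st.st_mode & 0o200,
                # Drawings in the same folder, listed to help scope any
                # notice sent to contacts who received those files.
                "drawings": sorted(f for f in files
                                   if f.lower().endswith(".dwg")),
            })
    return hits


if __name__ == "__main__":
    for root in sys.argv[1:] or ["."]:
        for hit in find_suspect_fas(root):
            flags = [k for k in ("hidden", "read_only") if hit[k]]
            print(f"{hit['path']}  [{', '.join(flags) or 'no flags'}]  "
                  f"{len(hit['drawings'])} DWG file(s) alongside")
```

Run it against project shares and removable drives as well as local folders, since the article names flash drives, email and FTP as exchange paths.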
If you do not remove this virus from your system, you may lose or compromise your ability to exchange DWG files, including but not limited to transfers on flash drives, email, personal computers, and FTP sites. If you discover you have the Trojan and you have shared AutoCAD files in any way, take the necessary steps to remove this virus from your computer as soon as possible and send a notice to any potentially impacted contacts.
ESET has a procedure in place for removal of this virus (look for ACAD/Medre removal on the list).
At this time, the source of the virus has not yet been discovered, and the final destination of the DWG files, or whether the DWG files are actually sent to a third party at all, is still unclear.