Sunday, June 24, 2012

Cyber Espionage: Malware Gets Snoopy

pcworld.com


The world of malware has, over the last couple of decades, morphed to become not just a mechanism with which to subvert people's computers and steal money, but also a way for corporations and sovereign states to conduct cyber espionage.

An example of malware being used for industrial cyber espionage emerged two months ago with a worm, which had previously been quite rare, breaking out suddenly in Peru and neighboring countries.
This worm, specific to the electronic drafting software AutoCAD, is called ACAD/Medre.A and is written in AutoLISP, the language that is used to script operations in AutoCAD. ACAD/Medre.A has a very devious agenda: It e-mails copies of the drawings the user opens to over 40 mail boxes hosted at two different Chinese ISPs.
The antivirus firm ESET in San Diego was the first to detect the outbreak in Peru and noted that they could "see detections at specific URLs, which made it clear that a specific website supplied [an infected] AutoCAD template that appears to be the basis for this localized spike ... If it is assumed that companies which want to do business with [the company at the URL] have to use this template, it seems logical that the malware mainly shows up in Peru and neighboring countries. The same is true for larger companies with affiliated offices outside this area that have been asked to assist or to verify the – by then – infected project and then [infect] their own environment."
In other words, someone or some organization -- not necessarily in China -- planted the infected template. As a result they were able to swipe the drawings of all of the companies competing for some project, presumably to gain an edge in securing business.
More here: http://www.pcworld.com/article/258245/malware_gets_snoopy.html


No comments: