Trend Micro Spotted AutoCAD Malware Nicknamed ACM_SHENZ.A

Security researchers of security firm Trend Micro have spotted an exciting piece of AutoCAD malware that has been dubbed as ACM_SHENZ.A. by them.

Notably, AutoCAD is a special software application for 2D and 3D computer-aided design (CAD) and drafting.

The malicious software is hidden as an AutoCAD piece and when it taints a machine, it (referring to ACM_SHENZ.A) generates an administrative account on the OS (operating system) and networks for all drives and unlocks the ports with the (SMB) Server Message Block protocol.

Judging by the functions of ACM_SHENZ.A, experts believe that it may have been created in a manner to be able to launch other attacks.

For instance, the account of administrator formed on tainted machines lets cyber crooks to embezzle files and implant other malicious software without breaking passwords for present accounts or opening fresh ones remotely.

Moreover, the crooks can abuse unpatched SMB flaw by opening the SMB ports to control the targeted system.

Experts note that these kind of malware may also be used to download or run other malware components beside disabling certain AutoCAD functions and opening all AutoCAD documents to spread malware.

Traditionally AutoCAD malware is very rare but not completely unheard of as an AutoCAD virus surfaced in 2009 and also appeared in 2012 which was identified as ACAD/Medre.A. by security firm ESET.

But, the malware that Trend Micro has spotted now is entirely different from 2012's worm and its purpose is slightly different.

Asserting this claim, Global VP of Trend Micro's Security Research, Rik Ferguson, noted: "Yep, 'tis different'."

Ferguson explained that the one spotted by ESET (referring to ACAD/Medre.A) was draining off documents of AutoCAD by transferring them out of the affected machines through email. This fresh malware performs system level work on the tainted machine building admin account and enabling protocols which weakens the tainted system's security and leaves it open for further exploitation.

Therefore, security experts advise users to keep their machines updated with latest version of anti-virus software and fix all unpatched vulnerabilities to mitigate the chances of being infected by this malicious worm.

» SPAMfighter News - 12/2/2013