
The only surprise here is that the malware authors bothered to learn LISP; they must feel a need to diversify their product lines. (Or perhaps it's a targeted attack?)
Security researchers have discovered a rare strain of AutoCAD malware that opens up compromised machines to secondary exploits. ACM/SHENZ-A poses as a legitimate component of AutoCAD software for computer-aided design (CAD). But analysis by security researchers at Trend Micro has revealed that the malicious file opens up …
If I was a state actor, or a serious industrial espionage outfit, it would be very sensible to target software packages that are dominant in narrow markets. The fact that AutoCAD files might also contain jolly juicy info about new designs and technology is very enticing.
By the same logic, Siemens' SCADA stuff for industrial process automation would be exciting. Oh, wait.
Of course, it depends on the market domain of the software. I'm told that InDesign replaced QuarkExpress as the leading professional magazine layout application, but presumably the Chinese/Americans/Russians don't feel the need to know what's in next month's issue of People magazine.
Allow me please: http://www.fourmilab.ch/autofile/www/chapter2_35.html
""Allow me please: http://www.fourmilab.ch/autofile/www/chapter2_35.html
So did any of the other language interfaces appear?
I think people misunderstood my original comment.
LISP has a reputation of being tricky to implement well (mostly in the garbage collection side) so it's a tough target to implement and (perceived) to be an odd choice for what is likely to be a pretty compute heavy application.
It's a real "left field" choice.
And I quite like that.
OK, someone sends you an Autocad file containing an autorun macro, which if opened, tries to create an admin account under Windows. Does this malware work if you don't already have admin rights.
"AutoCAD software has long included an option to warn you when opening a drawing or project file that includes embedded macros. From that warning dialog box, you can disable the macros before they are able to execute."
http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112&id=12903754&linkID=9240617
But some people are idiots some of the time.
And all it takes is for one drafter to click the "Yes, go ahead" button and the entire company is compromised, because that drafter will probably have access to all the company's drawings.
Yet another reason why AutoCAD is damaging.
I see so many projects late and over budget due to AutoCAD - it doesn't help you avoid stupid mistakes, and actively causes errors in many cases because it isn't capable of solid modelling.
Drafting packages like AutoCAD are pointless, and have been for more than a decade. Get an actual design package!
Totally agree, 2D drafting packages should die rather than become the bloated 'jack of all trades, crap at all trades' shite they are now (and AutoCAD is the worst). Unfortunately, it's often the LISP drivers of AutoCAD which are the CAD package decision makers in Engineering and Design companies. In 20 years of electrical design, I have only ever used vanilla AutoCAD (without elec. design addons) or similar to produce drawings, even though the discipline maps itself to a database driven model fantastically well (see Zuken E3).