In
recent years we are assisting to a profoundly change in the nature of
malware, it is increased the development for spy purposes, for its
spread in both private and government sectors. The recent case of Flame
malware has demonstrated the efficiency of a malicious agent as a
gathering tool in a typical context of state-sponsored attack for cyber
espionage.
Event like this represent the
tip of the iceberg, every day millions of malware instances infect pc in
every place in the world causing serious damages related to the leak of
sensible information. Specific viruses are developed to address
particular sectors and information, that is the case for example of
“ACAD/Medre.A”, a malware specialized in the theft of AutoCAD files. The
virus has been developed to steal blueprints from private companies
mostly based in Peru according the expert of the security firm ESET.
The virus is able to locate
AutoCAD file on infected machines and to send them via e-mail to
accounts provided by two Chinese internet firms, 163.com and qq.com.
The malware detected is written
in AutoLISP, an AutoCAD scripting language, ACAD/Medre for the shipment
of stolen data creates a password protected RAR-file containing the
blueprints and the requisite “acad.fas” file and a “.dxf” file and send
it separately by e-mail. The .DXF file generated by ACAD/Medre contains a
set of information that the recipient uses to the collecting of stolen
files.
The password used for the RAR file is just one character equals to “1”.
Once discovered the email
accounts used to transfer the stolen data the group of researcher
noticed that the InBox for each of them was full, they turned out all
saturated by over 100,000 mails giving an idea of the dimension of the
attack.
The virus has been detected
several months ago but only in the last weeks it has been observed an
explosion of the number of infected systems.
The researcher Righard Zwienenberg
researcher of ESET declared “It represents a serious case of industrial
espionage,” “Every new design is sent automatically to the operator of
this malware. Needless to say this can cost the legitimate owner of the
intellectual property a lot of money as the cybercriminals have access
to the designs even before they go into production.”
“They may even have the guts to apply for patents on the product before the inventor has registered it at the patent office.”
The malware not limits its
action to steal Autocad projects, it also checks the presence of Outlook
email client to steal the pst file containing contacts, calendar and
emails, confirming its genesis of espionage tool.
For completeness of information
ESET provided a free stand-alone cleaner available for the ACAD/Medre.A
worm. Every time we speak about of cyber espionage we could not think
other that China, however the practice is really diffused and the fact
that the accounts are related to Chinese accounts is clue but not a
certainty.
It’s clear that Chinese hackers
are considered worldwide specialist in cyber espionage, the case of
Nortel is considered a case study for the impact of cyber espionage on
the business of private companies.
The Chinese government, and not
only, at least a decade sponsored espionage activities for stealing
trade secrets, confidential information and intellectual property of
various kinds. Many experts are convinced that thanks to their ability
to spy they were able, through the theft and reverse engineering of
products, to clear the technological gap with the western industry.
This time the Chinese
authorities have demonstrated a collaborative approach identifying and
blocking the accounts used for theft. Tens of thousands of AutoCAD
blueprints leaked, the team of ESET experts promptly contacted the
Chinese authorities such us Tencent company, owners of the qq.com
domain, and also the Chinese National Computer Virus Emergency Response
Center, their collaboration was essential to access to the account
blocking them.
Another lesson learnt is an
efficient fight to the cybercrime must be conducted with a total
collaboration of all the involved actors. Only in this way it’s possible
to conduct an efficient immunization
.
Written By: Pierluigi Paganini
[Source]
No comments:
Post a Comment