ACAD/Medre.A is a worm that is highly effective at what it does: stealing AutoCAD drawings. AutoCAD is a program that is essential for engineers and architects and is widely used to draw blueprints and other important documents. The ACAD/Medre.A worm has a very specific line of attack and is designed to steal these often highly sensitive files. It can also harm computer users with no relationship to AutoCAD, since it is also able to steal email information. The ACAD/Medre.A worm has a virus-like capability to infect AutoCAD files in order to spread itself from one computer to another (ensuring that its victims will have some relationship with AutoCAD). ESG security researchers strongly advise AutoCAD users to be on the alert for attacks similar to the ACAD/Medre.A worm. Although this is certainly a very specific niche, it can be highly profitable for criminals due to its potential for industrial espionage.
ACAD/Medre.A Disguises Itself as an AutoCAD File in Order to Steal Data
The ACAD/Medre.A worm and similar malware have been associated with state-sponsored malware attacks and high-level malware creators interested in industrial sabotage and espionage. The ACAD/Medre.A worm can target AutoCAD 2000 through 2015. ACAD/Medre.A can corrupt existing AutoCAD files as well as create malicious files that are disguised to resemble legitimate AutoCAD files. When a file corrupted by ACAD/Medre.A is opened, it launches ACAD/Medre.A's malicious executable and allows it to infect other AutoCAD files on the infected machine. Because the ACAD/Medre.A worm is mainly used to steal sensitive data, it will rarely, if ever, display explicit symptoms of an infection.
ACAD/Medre.A's Main Lines of Attack
The ACAD/Medre.A worm is very good at what it does and can rapidly spread throughout a computer system or network. ACAD/Medre.A carries out its attack using the following tactics:
- ACAD/Medre.A will detect all AutoCAD files with the DWG extension and then transmit these to a remote server via email.
- The ACAD/Medre.A worm can also steal email information from Outlook or Thunderbird in order to carry out future attacks.
- The ACAD/Medre.A worm also has a sophisticated component that creates a RAR archive. This archive will include the stolen files' metadata and the ACAD/Medre.A worm's own code.
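The outbound behavior in this list (drawings and a RAR archive leaving by email) can be watched for at the mail gateway. The following is an added example, not code from ESG or from the original article: it flags a workstation that sends a burst of DWG or RAR attachments to one external address. The log format, domain names, host names, window and threshold are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

INTERNAL_DOMAINS = {"corp.example"}   # assumption: your own mail domains
WATCHED_EXT = (".dwg", ".rar")        # file types the article says the worm sends out
WINDOW = timedelta(minutes=10)        # assumption: tune to your environment
BURST = 5                             # assumption: watched attachments per window

# Constructed sample lines in a hypothetical gateway log format.
SAMPLE_LOG = """\
2024-05-02T09:14:03 host=ws-114 from=j.doe@corp.example to=pm@client.example attach=site_plan.dwg;notes.txt
2024-05-02T09:20:00 host=ws-114 from=j.doe@corp.example to=team@corp.example attach=a.dwg;b.dwg;c.dwg;d.dwg;e.dwg
2024-05-02T10:01:10 host=ws-207 from=k.lee@corp.example to=inbox@mail.example attach=floor1.dwg;floor2.dwg
2024-05-02T10:01:40 host=ws-207 from=k.lee@corp.example to=inbox@mail.example attach=floor3.DWG
2024-05-02T10:02:15 host=ws-207 from=k.lee@corp.example to=inbox@mail.example attach=hvac.dwg;bundle.rar
2024-05-02T11:00:00 host=ws-301 from=a.roy@corp.example to=qa@vendor.example attach=rev1.dwg;rev2.dwg;rev3.dwg
2024-05-02T15:00:00 host=ws-301 from=a.roy@corp.example to=qa@vendor.example attach=rev4.dwg;rev5.dwg
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Split one log line into a timestamp and its key=value fields."""
    ts, _, rest = line.partition(" ")
    rec = dict(FIELD.findall(rest))
    rec["ts"] = datetime.fromisoformat(ts)
    rec["attach"] = [a for a in rec.get("attach", "").split(";") if a]
    return rec

def find_bursts(log_text):
    """Return {(host, recipient): peak count} for external DWG/RAR bursts."""
    recent = defaultdict(deque)  # (host, recipient) -> times of watched attachments
    alerts = {}
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse(line)
        if "host" not in rec or "to" not in rec:
            continue  # malformed line: nothing to attribute
        if rec["to"].rsplit("@", 1)[-1].lower() in INTERNAL_DOMAINS:
            continue  # internal mail is out of scope for this check
        key = (rec["host"], rec["to"])
        hits = [a for a in rec["attach"] if a.lower().endswith(WATCHED_EXT)]
        recent[key].extend([rec["ts"]] * len(hits))
        while recent[key] and rec["ts"] - recent[key][0] > WINDOW:
            recent[key].popleft()  # drop attachments older than the window
        if len(recent[key]) >= BURST:
            alerts[key] = max(alerts.get(key, 0), len(recent[key]))
    return alerts

if __name__ == "__main__":
    for (host, rcpt), n in find_bursts(SAMPLE_LOG).items():
        print(f"ALERT {host} sent {n} DWG/RAR attachments to {rcpt} within {WINDOW}")
```

A single drawing mailed to a client and a large internal share both pass; only the rapid run to one outside address is reported.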
Most of the time, the initial ACAD/Medre.A infection will come from a malicious email attachment. Because of this, ESG security researchers strongly advise scanning all AutoCAD files received via email with an updated anti-malware program before they can infiltrate your computer system. While people who do not use AutoCAD will not be greatly affected by ACAD/Medre.A, industry professionals who rely on this program should consider ACAD/Medre.A a significant threat.