Malware by infected DWGs ?

I read this on a popular German computer news site:
https://www.heise.de/security/meldung/Gezielte-Angriffe-gegen-Firmen-mit-Trojaner-in-AutoCAD-Dateien-4236488.html
(Caution : It is in German)

They write about a warning from a security company :
https://www.forcepoint.com/blog/security-labs/autocad-malware-computer-aided-theft

Is that something that could affect me too,
or would Bricscad warn and ask before executing such kind of scripts?

Comments

  • edited December 6

    Strictly speaking DWG files are not infected, but a separate Lisp file is causing this. This Lisp file is unpacked from a compressed archive (a ZIP file for example) along with the drawing(s), and is not noticed by the end-user because its hidden attribute is set. Because the Lisp file is called acaddoc.lsp (or acaddoc.fas in this case) it is automatically loaded when the user opens the drawings that have been unpacked in the same folder. To deal with this issue AutoCAD has introduced the concept of 'Trusted Locations'.

    As BricsCAD user an acaddoc.* (or acad.*) file will never accidentally affect you, but the same trick could be performed with the filenames used by BC. So you should always be wary when you unpack a compressed archive. Making sure that hidden files are displayed in your 'File Explorer' helps of course, and is a no-brainer anyway IMO.
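An added example, not part of the original comment: a pre-extraction check that lists a ZIP's entries and reports files named like the autoload scripts mentioned above, whether the archive marks them hidden, and whether a drawing sits in the same folder. The stem list holds only the names given in the comment; the function and variable names and the sample archive are constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Names from the comment above; extend with your own CAD product's autoload names.
AUTOLOAD_STEMS = {"acad", "acaddoc"}
DRAWING_EXTS = {".dwg"}
DOS_HIDDEN = 0x02  # FILE_ATTRIBUTE_HIDDEN, stored in the low byte of external_attr

def _path(info):
    # Some Windows tools store backslashes; normalise before splitting.
    return PurePosixPath(info.filename.replace("\\", "/"))

def audit_archive(zf):
    """Return one finding per autoload-named file, without extracting anything."""
    files = [i for i in zf.infolist() if not i.is_dir()]
    drawing_dirs = {str(_path(i).parent).lower() for i in files
                    if _path(i).suffix.lower() in DRAWING_EXTS}
    findings = []
    for info in files:
        p = _path(info)
        if p.stem.lower() not in AUTOLOAD_STEMS or p.suffix.lower() in DRAWING_EXTS:
            continue
        findings.append({
            "name": info.filename,
            "hidden": bool(info.external_attr & DOS_HIDDEN),
            "beside_drawing": str(p.parent).lower() in drawing_dirs,
        })
    return findings

def build_sample():
    """Constructed sample: a drawing plus a hidden acaddoc.fas in the same folder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("project/plan.dwg", b"constructed placeholder, not a real drawing")
        hidden = zipfile.ZipInfo("project/acaddoc.fas")
        hidden.create_system = 0            # MS-DOS/Windows attribute semantics
        hidden.external_attr = DOS_HIDDEN | 0x20
        zf.writestr(hidden, b"constructed placeholder, not real Lisp")
        zf.writestr("tools/acad.lsp", b"; constructed placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    with zipfile.ZipFile(io.BytesIO(build_sample())) as zf:
        for f in audit_archive(zf):
            print(f)
```

Because the check reads the archive's directory rather than the extracted files, it reports the hidden entry regardless of the File Explorer setting.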

  • Thanks a lot Roy,
    so this is something most experienced users were familiar with.
    For me it was new.

    So my standard project behavior, throwing all Attachments in my
    Container Folder from where I sort all PDF, CAD Files, ... first and
    throw them in their appropriate Folders - would help even if I
    don't see the script because it won't be in the same Folder
    as the DWG - and I would get a message when opening the drawing
    that something is missing (?)

    I have no hidden files visible in macOS, but the Script may be visible
    anyway because it may be a Windows only hidden attribute.
    I currently show hidden files in Windows but that is quite disturbing.

    But there is no "deactivate Macros" option in DWG Apps like for
    Office Documents ?

  • @Michael Mayer said:
    Thanks a lot Roy,
    so this is something most experienced users were familiar with.
    For me it was new.

    So my standard project behavior, throwing all Attachments in my
    Container Folder from where I sort all PDF, CAD Files, ... first and
    throw them in their appropriate Folders - would help even if I
    don't see the script because it won't be in the same Folder
    as the DWG - and I would get a message when opening the drawing
    that something is missing (?)

    I have no hidden files visible in macOS, but the Script may be visible
    anyway because it may be a Windows only hidden attribute.
    I currently show hidden files in Windows but that is quite disturbing.

    But there is no "deactivate Macros" option in DWG Apps like for
    Office Documents ?

    Michael,

    This is a very specifically written attack. It's targeted at AutoCAD Windows users, I very much doubt it would work on the Mac platform, different OS, different product capability. Also this issue has been noted before, the article references dates from 2014. Perhaps it has become topical again due to all the noise about Huawei?

    Here is reference to another example from 2009. Less sophisticated, but annoying none the less.
    http://www.cadalyst.com/cad/autocad/autocad-virus-alert-12886

    I don't think having a de-activate or trusted path option would be a fix. In AutoCAD you can easily program around these roadblocks. It tends to just interfere with legitimate use. Personally, I think if you exercise vigilance, use a reputable antivirus/firewall, and back up regularly that you will be ok.

    Running BricsCAD on a Mac already makes it pretty hard :-)

    Regards,
    Jason Bourhill
    CAD Concepts

  • @Michael Mayer
    Jason is right, the virus also relies on ActiveX which is unique to Windows.
    But your procedure of unpacking in a dedicated folder should be effective as well.

  • I think I got it.

    But because of being tired from waiting 2-3 months longer
    for the macOS Version of Bricscad, with less stability and some other
    reasons - I built a PC on Windows now too.

    As I still did not find adequate peripheral freelancer and office Software
    so far, my administration is still on Mac.
    That is where I could see bad hidden Windows things likely by default.

    But it doesn't help when I may be fully on Windows one day or when
    pushing trojan crap over to Windows from Mac anyway.

  • RSWRSW
    edited December 8

    @Michael Mayer said:
    - I built a PC on Windows now too.

    :)

    As I still did not find adequate peripheral freelancer and office Software
    so far, my administration is still on Mac.
    That is where I could see bad hidden Windows things likely by default.

    How about using Filemaker for your administration?

    Most things for Windows that attack the operating system don't work on Mac, the only thing that could work are application specific attacks using scripts and macros etc. that make the application do things you don't want it to do (e.g. damage working files etc). Unless they manage to write something in platform independent code (e.g. java/javascript etc.). Though I can't say I have run into virus infections since I switched from Mac to Windows almost years ago (famous last words maybe :D , as the past is no guarantee for the future most of the time). There are virus infected mails being intercepted from time to time but that is where a good internet security program comes into place. Common sense and some reasonable precautions can get you a long way. As well as backup, backup, backup.

  • RSWRSW
    edited December 8

    Regarding the security issue, you may want to read the comments section of this blog article, it is at times highly entertaining to see how an Autodesk staff member is trying to wiggle himself out of the corner he/Autodesk painted themselves in.
    https://www.cadnauseam.com/2017/03/24/autocad-2018-why-did-the-dwg-format-change/

  • With my current experience, so far I am not really convinced by Windows.
    Under the nice hood there weren't as many changes and improvements
    as I had expected.
    I even already feel more comfortable and safe with Linux !
    Windows is very compatible and runs all my 3D Pro Software well or much
    better than on Mac. But for all peripheral things I am pretty disappointed.
    That higher risk of attacks doesn't make it better.

    So far I only see running Pro Software only on Windows and the need to
    keep the Mac for everything else. But I never liked the need to maintain
    2 computers.
    So time will tell if I will ever go Windows completely, what I initially thought.
