0 Members and 1 Guest are viewing this topic.
A new Adware Trojan has recently been identified as using AutoCAD as a delivery vehicle for installing Browser Helper Objects that cause IE to display popup ads.This malware was first reported by the Webroot Threat Blog in this article:AutoCAD Adware Trojans Target TechiesYou can read the Webroot posting for all the details but, in a nutshell, a Windows stub application checks the system for AutoCAD installations, downloads the appropriate version of ObjectARX app from servers in China and modifies startup AutoLISP files to load that ARX app the next time AutoCAD is started. Once the ARX app loads and runs it does several things to the system that ultimately allow advertisements to appear when the user is viewing certain popular Chinese search engine results and when the time zone of the infected system is set to Beijing.All indications are that AutoCAD is only being used as a delivery mechanism in order to make it harder to detect the malware (since anti-virus software doesn't tend to look at ObjectARX files). It should also be noted that this kind of infection seems to specifically target machines that are in use in China or have been used in China......
