Bursted drawings?

Filed Under: Malware, SophosLabs

This morning SophosLabs received samples of AL/Bursted-Fam from a customer.

The AL/ prefix denotes AutoCAD LISP viruses. As viruses go they are not very common. All the viruses are required to reside in the same folder as an AutoCAD drawing file.

This means that it doesn't spread on its own. If you received an email you cannot just double click on a .LSP file and be infected. Plus if someone who is infected sends you an AutoCAD drawing (.DWG) then they will not by default be sending you the .LSP file.

The only way you could be infected is if you:

  • receive or download an archive containing both the .DWG and .LSP files
  • unarchive it to a local folder
  • open the .DWG infecting your AutoCAD environment

Or someone has maliciously infected your system with the virus.

As with all malware occurrences if you practice SafeHex then you are less likely to be affected by malware.

You might like