AutoCAD virus is a blast from the past

Thanks are due to my SophosLabs colleague Paul Baccas who today brought my attention to a fairly unusual sighting in the malware world – an AutoCAD virus.

It turns out that Autodesk, the makers of AutoCAD, blogged last week about the emergence of the new virus which can spread via VLX (Virtual Lisp) files. That news didn’t pop up on my radar for one very good reason – it’s not a place I regularly visit! After all, the last time Sophos wrote about AutoCAD malware was over two years ago.

Here’s what AutoDesk are saying about this latest incident on their blog:

AutoCAD virus alert

However, we did at the end of last month see another piece of AutoCAD malware (AL/Utax-A) so it’s possible that someone shady is experimenting with what is possible within the platform.

Sophos products detects the malicious Virtual Lisp file, that spreads within the AutoCAD environment, as AL/Logo-A.

It’s important to remember to keep the AutoCAD malware threat in proportion – the examples we’ve seen are tiny in number compared to, say, the amount of Windows-based malware we see every day and you’re quite unlikely to encounter these attacks in your regular working day.

Nevertheless, it’s also worth bearing in mind that the typical AutoCAD user doesn’t place much importance in considering the security implications of what they’re doing and the script they’re running – which could lead to an unfortunate infection if you were unlucky enough to be in the firing line.