Sunday, April 5, 2009

AutoCAD and DWG viruses made in VBA or AutoLISP

According to this Knowledge Base document: AutoCAD and Viruses “The two main types of viruses that can affect AutoCAD are VBA macros embedded in drawing files and AutoLISP that runs automatically when a drawing is opened.” The document also describes some ways to protect against potential viruses or malicious code.

It would also be possible that a virus comes through other means like ARX or DLL files possibly in combination with EXE, BAT, CMD or VBS files that could register the files to make them load automatically.

Personally I have never run in run into any AutoCAD related virus or malware. Probably because they are not that common.

ACAD.Star was probably the first VBA virus for AutoCAD and was discovered in 2000 by Kaspersky more than a year after the AutoCAD 2000 version was released.

Another way to get infected is if you download a cracked AutoCAD version that is injected with a virus or worm.

AL/Bursted-Fam is a family of AutoCAD LISP (AutoLISP) virus. If an infected file is received as ACAD.LSP and an AutoCAD Drawing is loaded from the same folder the virus becomes resident within AutoCAD. AL/Bursted-Fam edits the existing global ACAD.LSP or creates one to load  itself at AutoCAD startup from another LSP file in the same folder. When an AutoCAD drawing (DWG file) is editted an ACAD.LSP will be created in the same folder as the drawing. – Sophos. Another one is AL/Billy-A

One good thing with AutoCAD 2010 is that VBA is not even installed as default and eventually VBA will not be available for AutoCAD at all. :)


Some of the latest blog posts

Subscribe to RSS headline updates from:
Powered by FeedBurner