The threat is used by cybercriminals to prepare everything for future attacks

Nov 25, 2013 17:51 GMT

Security researchers have come across an interesting piece of AutoCAD malware, which they’ve dubbed ACM_SHENZ.A.

According to Trend Micro experts, the malware is disguised as an AutoCAD component. After it infects a device, it creates an administrator account on the operating system and network shares for all drives, and opens the ports associated with the Server Message Block (SMB) protocol.

Judging by its functionality, experts believe ACM_SHENZ.A might have been designed to lay the groundwork for other attacks.

For example, the administrator account created on infected machines allows cybercriminals to steal files and plant other malware without going to the trouble of cracking passwords for existing accounts, or creating new ones remotely.

In addition, with the SMB ports open, the attackers can exploit unpatched SMB vulnerabilities to take control of the targeted system.

There are a number of advantages to using AutoCAD malware. First of all, few users would expect to see a threat disguised as an AutoCAD file. Furthermore, all the AutoCAD documents that are opened after the system is infected become a medium for further spreading the malicious element.
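The three host changes described above (a new administrator account, shares for whole drives, SMB ports opened) are individually common, so a detection is more useful when it looks for all of them on one machine in a short time. The following is an added example, not code from Trend Micro or the article: it correlates constructed event records using real Windows Security event IDs (4732, 5142, 4946), while the record field names, the SMB/NetBIOS port list, the 10-minute window and the host names are assumptions.

```python
from datetime import datetime, timedelta

# Real Windows Security event IDs; the dict field names are simplified assumptions.
EV_GROUP_ADD = 4732    # member added to a security-enabled local group
EV_SHARE_ADD = 5142    # network share object added
EV_FW_RULE_ADD = 4946  # rule added to the Windows Firewall exception list
SMB_PORTS = {137, 138, 139, 445}  # assumption: the article gives no port numbers
WINDOW = timedelta(minutes=10)    # assumption: correlation window
ALL_BEHAVIOURS = {"admin_account", "drive_share", "smb_port_open"}

def is_drive_root(path):
    # A three-character path (letter, colon, backslash) means a whole drive is shared.
    return len(path) == 3 and path[0].isalpha() and path[1:] == ":\\"

def classify(ev):
    """Map one event to the behaviour it evidences, or None if it is unrelated."""
    if ev["id"] == EV_GROUP_ADD and ev.get("group") == "Administrators":
        return "admin_account"
    if ev["id"] == EV_SHARE_ADD and is_drive_root(ev.get("path", "")):
        return "drive_share"
    if ev["id"] == EV_FW_RULE_ADD and SMB_PORTS & set(ev.get("ports", [])):
        return "smb_port_open"
    return None

def correlate(events):
    """Return hosts on which all three behaviours occur within WINDOW."""
    per_host = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        kind = classify(ev)
        if kind:
            per_host.setdefault(ev["host"], []).append((ev["time"], kind))
    flagged = []
    for host, seen in per_host.items():
        for i, (start, _) in enumerate(seen):
            kinds = {k for t, k in seen[i:] if t - start <= WINDOW}
            if kinds == ALL_BEHAVIOURS:
                flagged.append(host)
                break
    return sorted(flagged)

T0 = datetime(2013, 11, 25, 9, 0)
SAMPLE = [  # constructed events, not real telemetry
    {"host": "CAD-WS01", "time": T0, "id": 4732, "group": "Administrators"},
    {"host": "CAD-WS01", "time": T0 + timedelta(minutes=1), "id": 5142, "path": "C:\\"},
    {"host": "CAD-WS01", "time": T0 + timedelta(minutes=2), "id": 4946, "ports": [445]},
    {"host": "FILESRV", "time": T0, "id": 5142, "path": "D:\\Projects"},
    {"host": "HELPDESK", "time": T0, "id": 4732, "group": "Administrators"},
    {"host": "HELPDESK", "time": T0 + timedelta(hours=3), "id": 5142, "path": "C:\\"},
    {"host": "HELPDESK", "time": T0 + timedelta(hours=6), "id": 4946, "ports": [139]},
]
```

Only the host where all three changes land inside the window is flagged; the firewall-rule check assumes the ports are opened through Windows Firewall, which the article does not specify.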