New red threat? Virus stole, sent thousands of blueprints to China

Reuters/Carlos Barria
A previously unknown cyber worm preying on machinery blueprints has been exposed in Latin America. The new virus steals the blueprints and sends them to e-mail accounts registered in China. A number of machines in the US have been infected.

The worm dubbed ACAD/Medre.A targets the AutoCAD program used by architects, engineers, project managers and designers to create blueprints, including machines, buildings, household appliances and other inventions.

Cyber security firm ESET that exposed the virus reports it mostly affected computers in Peru and leaked thousands of original blueprints for machinery and other products to e-mail accounts at two Chinese Internet provider websites, and

It is unclear whether the recipients of the e-mails were Chinese, or if hackers simply set up the accounts on Chinese servers to divert attention from their real location.

Internet security firm ESET spotted a spike in ACAD/Medre.A infections in Peru. It is believed that the virus spread through an AutoCAD template that Peruvian companies downloaded from a specific website. Other firms doing business with these companies had to download the same template, resulting in further contagion.

Countries where the virus was also detected on a small number of computers include Ecuador, Colombia and the United States. Most of them were in Latin America.

ACAD/Medre.A is a serious example of suspected industrial espionage,” said Richard Zweinenberg, senior research fellow at ESET. “Every new design created by a victim is sent automatically to the authors of this malware. Needless to say this can cost the legitimate owner of the intellectual property a lot of money as the cybercriminals will have the designs before they even go into production by the original designer.

He noted that the hackers may even go so far as to obtain patents on the stolen designs before the original author registers it at the patent office.

The inventor may not know of the security breach until his patent claim is denied due to prior art,” he noted.

While the data was clandestinely transferred to e-mail accounts based in China, the nationality of the hackers remains a mystery. Tencet, the company operating one of the websites hosting the e-mail accounts, actively cooperated with the ESET investigation and blocked the accounts in question.

The Chinese National Computer Virus Emergency Response Center (CVERC) also responded promptly and helped get the e-mail accounts removed.

Autodesk, the company that designs AutoCAD, also assisted ESET in the clean-up.

By working with Autodesk, Tencent and CVERC, we were able to not only alert and inform users but also defeat the e-mail relay system used by the attackers and deny them access to the e-mail boxes, so the damage is now contained,” Zweinenberg noted.

China’s reaction could help to dispel its notorious reputation of being a major source of industrial espionage online.