ACAD.Star: Computer Viruses Invade AutoCAD

19 Jul 2000
Virus News

The first try is always just the first attempt

Cambridge, UK, July 20, 2000 - Kaspersky Lab Int., an international anti-virus software development company, announces the discovery of a first computer virus that affects the world's most popular PC-based design software AutoCAD (www.autocad.com) originally developed by Autodesk company. The ACAD.Star virus was published on the 18th of July on the Internet at one of the web sites dedicated to virus development by a hacker named AntiState. At the moment, Kaspersky Lab has not received any reports of this virus being "in-the-wild".

AutoCAD is widely used throughout the world for architectural design, construction, surveying, engineering, cartography, and movie and computer games production etc. It became possible for computer viruses to affect these systems after Autodesk has recently licensed from Microsoft its macro-programming language, Visual Basic Application (VBA). Exactly in this language, macro-viruses are created (now an average of 70% of all virus infections) for the popular office applications like Word, Excel, Access.

ACAD.Star is an extremely primitive macro-virus, 568 bytes in length, written in VBA macro-language, and able to affect only systems running the AutoCAD version 2000. It is primitive not only because of its length, but functionality as well: the virus's author made some fatal mistakes, which nearly disable the virus' capabilities for proliferating under normal operating conditions. Kaspersky Lab anti-virus experts have spent a lot of time and effort to produce a number of virus strains that are good enough to perform a comprehensive analysis. It is nearly impossible for an ordinary AutoCAD user to repeat this "gest" and accidentally create a set of special conditions allowing the virus to propagate. "We classify this case as a "first try," which, as is known, are not always successful," said Eugene Kaspersky, Head of Anti-Virus Research at Kaspersky Lab. "However, the discovery of this virus demonstrates security breaches in AutoCAD, which used to be virusless up to quite a recent time. We consider that these vulnerabilities could be further exploited by other AutoCAD-viruses - more vital and even dangerous."

At the beginning of 2000, Kaspersky Lab experts published an article (available on the web site here) describing their view of the future of macro-viruses, which will likely create a feeling of de javu. It reads: " By 1999, more then 100 software manufacturers had purchased a license to use VBA macro language in their software. This means that macro viruses will be able to migrate seamlessly from MS Office to new applications (either in use or still to come)." There in no need to comment that the recent virus outbreak confirms the above forecast.

Protection against the ACAD.Star virus has was added to the AntiViral Toolkit Pro (AVP) daily update on July 18. However, we recommend that you set up your protection with a universal defence against all types of macro-viruses, including those for AutoCAD. AVP Office Guard, which is based on the breakthrough principles of behaviour blocking and available in AVP for MS Office 2000 package, gives you a true 100% guarantee for full control over all macro-viruses on a protected system.

You can evaluate AVP for MS Office 2000 by downloading it from the Kaspersky Lab web site at www.avp2000.com.

To purchase AntiViral Toolkit Pro, please visit our online store or contact your nearest Kaspersky Lab distributor.