Security researchers at TrendMicro alerting AutoCAD users about new malware that takes .FAS form and open victim computers to attack. The malware is known as ACM_SHENZ.A and creates administrator privilege account that allows attacker to have a full control on targeted systems.
Malicious file can arrive on system as a file dropped by other type of malware or direct download when visiting a compromised website. The Trojan will create network shares to existing drives and open SMB ports that may expose vulnerable systems.
TrendMicro Screenshot for the malicious code
Malware creators have not obfuscated the code which makes the Trojan easier to detect by security researchers. Obfuscation is important to make the Trojan survive and to not allow security software companies easily reverse the malicious code.
While AutoCAD malwares are rare it is important to consider the following:
- Malware may take any form so be cautious about files you execute.
- Update your antimalware solution with latest definition.
- Never click on email links or open WebPages that are for suspicious owners.
- Keep all your software up-to-date especially web browser that can be the point of entry for malicious program.
- Use strong passwords.
- Make sure that all your sensitive information been transmitted in encrypted form with SSL.