Nefarious list processing: viruses vs AutoCAD

Jakub Kaminski Microsoft
Raymond Roberts Microsoft

It's been 12 years since the first virus targeting AutoCAD appeared - more a proof of concept than a serious threat, but it started a trend that continues today. AutoCAD is a popular CAD (Computer Aided Design) software application, which is used across a broad range of design fields.

AutoCAD's users are a homogeneous and growing group that uses specialized software to solve complex design issues. The AutoCAD community is very active, and many forums are dedicated to sharing users' experience and knowledge. What's important from a security point of view is that users exchange not only practical tips, but also code.

Taking these factors into account, and the potential loss of intellectual property and productivity, this paper examines the current state of AutoCAD malware. Our examination includes prevalence data, automation mechanisms (for example the auto-load feature), scripting languages available to AutoCAD users, and file formats supported. We also look at the history and classification of different AutoCAD malware, the changes these families have undergone as they evolved, the various methods and techniques used by the malware to perform their tasks, as well as the challenges associated with providing protection against these types of threats.


We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.