This post is also available in: Slovenian
Finding new ways of spreading viruses has also led to Autodesk AutoCAD product and to take advantage of the AutoCAD platform for changing the start webpage. What web page is the most visited on each computer? Start page, of course . Last week was spreading on internet two new AutoCAD Trojans: Trojan- Downloader.Acad.Qfas.b and trojan.Acad.Qfas.o . First in Asia, but this week it was blocked as malware on our mail server in Slovenia too .
Trojans as malware are popular also for modifying the start webpage which redirects to the specific webpage full of ads. Websites are paid according to the amount of web traffic.
This viruses change start webpage in all browsers from IE , Chrome, Firefox to Maxthon and redirects web traffic to the sites zxb.isdun.com , ap.zeqi.info and www.hao123.com .
Trojans are written in AutoLISP and VBA using file extension *.fas. Fas only a few virus scanners can fully
read , but now all AV can block these specific fas files. It is suspected to have originated from Russia.
AutoLISP is a programming language used by AutoCAD and its derivatives AutoCAD Map 3D , AutoCAD Architecture , AutoCAD Mechanical . In addition, AutoLISP is also used by other CAD applications such as FelixCAD , Bricscad , IntelliCAD .
Trojan.Acad.dwgun.e , Trojan.ACAD.Bursted.G , Trojan.Acad.Qfas.a , Trojan.Acad.Hybernate.SS , Trojan.Acad.B , Trojan.Acad.Hybernate , Trojan.Acad.Agent . a Trojan.Win32.VBKrypt.wlz , Trojan.Acad.Agent.a , Trojan.FakeAV – 3835 , Virus.ALS.Bursted , Virus.Acad , Trojan.Acad.Qfas.c , Troj / QFas – B Virus.Acad . Bursted.e .
For more details about Trojan.Acad.Qfas virus you can read article by Vigi Zhang , Kaspersky Lab Expert Article on Secure List .