
Fighting Attacks Using CAD application files

OPSWAT Data Sanitization (Content Disarm and Reconstruction) focuses on the application file (e.g., Microsoft Office document) to keep it from being used as a delivery method for unknown threats (e.g., zero-day threats). We categorize application files as "Big Rocks" that security leaders should focus on; these files cannot be simply filtered based on file type since end users need these files every day.

We’ve just added coverage of an important new application file to MetaDefender: Computer-Aided Design, or CAD, files. These file types are used by many organizations and professionals, but especially in the Architecture, Electrical Engineering, Mechanical Engineering, and Design industries. 

Macro with DWG file

DWG is one of the most popular file formats used by CAD applications such as AutoCAD and Open Design Alliance compliant software. The most common vulnerability with DWG files is the VBA macro, which we have also seen in other application files such as Microsoft Office documents. Although some AutoCAD applications, such as AutoCAD LT®, allow the VBA macro to be disabled, applying data sanitization would effectively remove any potential threat. Additionally, we remove abnormal content that can be used to store a potential payload.

Here is a quick demo video that illustrates how MetaDefender can be used to protect CAD files:

As you can see, the CAD file was crafted to execute a macro that acts as ransomware. Once the file is sanitized by OPSWAT data sanitization, the macro is removed without relying on malware detection, so opening the CAD file no longer triggers the ransomware behavior.

Sign up for a free trial of MetaDefender.

Special Thanks To:

For demo video, Vinh Lam, Software Architect, CTO office

For demo sample, Thai Van, Software Engineer, Data Sanitization team