Home / malware Virus:ALisp/Bursted.A
First posted on 24 August 2019.
Source: MicrosoftAliases :
Virus:ALisp/Bursted.A is also known as AutoLISP/Bursted, Virus.ALS.Bursted, AL/Bursted-A, ALS/Bursted, ALS.Bursted.B, ALS_BURSTED.A.
Explanation :
Virus:ALisp/Bursted.A is a file infector written in the AutoLisp scripting language for AutoCAD. It only infects AutoCAD AutoLisp (.LSP) files and is not capable of infecting other types of AutoCAD files (for example, .DWG files). InstallationUpon execution, Virus:ALisp/Bursted.A locates the default AutoCAD Support folder by querying the location of the file base.dcl. It then creates a copy of itself as the file acadapp.lsp in the Support folder. It then executes the acadapp.lsp file. The file acadapp.lsp infects the acad.lsp file that is by default located in the Support folder. When a drawing is opened using AutoCAD, the file acad.lsp is automatically run, thus executing the virus. Spreads Via... File InfectionVirus:ALisp/Bursted.A spreads by searching for AutoCAD drawing files that do not have the file name drawing.dwg,as this is the default file name for a new drawing. It then adds a copy of itself in each folder containing the drawing file using the name acad.lsp. Payload Modifies and Adds AutoLISP CommandsVirus:ALisp/Bursted.A defines the following AutoLISP commands with its own code: explode xref xbind It defines the explode command to display the following:
"Seltct objects:found"
"was able to be explode" It also defines a new command called burst, which displays the following:
"BURST----+½-++T+-¦-+-+++¿+¬¦=¦++¬-¦¦s" Analysis by Patrik VicolLast update 24 August 2019
