Home / malware Virus:ALisp/Bursted.BK
First posted on 08 June 2012.
Source: MicrosoftAliases :
There are no other names known for Virus:ALisp/Bursted.BK.
Explanation :
Virus:ALisp/Bursted.BA is a script virus written in AutoLisp for AutoCAD, a computer-aided drafting application. The virus infects other AutoLisp script files with file extensions ".lsp" and ".mnl".
The malware checks for AutoCAD installation folders by searching for the file "base.dcl". Typically this file will be present in the folder:
%AppData%\Autodesk\AutoCad <year>\r<version>\enu\support\
The virus copies itself to the above folder using the name: "acadappp.lsp"
It also modifies the file "acad.mnl" in the same folder by appending two lines:
- (load €œacadappp.lsp€Â)
- (princ)
The virus adds one copy of an infected file named "acad.lsp" to every folder that contains the infected user's drawings.
Analysis by Jakub Kaminski
Last update 08 June 2012