
Virus:ALisp/Pobresito


First posted on 07 November 2014.
Source: Microsoft

Aliases:

There are no other names known for Virus:ALisp/Pobresito.

Explanation:

Threat behavior

Installation

ALisp/Pobresito (also known as Extacis or Sictax) was the first virus written in AutoLISP. It was created in early 2000.

This virus of Peruvian origin has never spread in the wild because its infection capabilities were purposefully limited; for example, it only infects files on drive A:.

The virus infects files named acad.lsp. These files are loaded and run automatically when AutoCAD is started or when a drawing is opened, depending on the location of the script.

When you open an AutoCAD drawing from the folder containing the infected acad.lsp file, the virus is loaded and run.

Payload

Erases AutoCAD drawings

ALisp/Pobresito hijacks the shortcuts to three AutoCAD commands: .line, .erase and .zoom.

Entering l, e or z in the AutoCAD command area will trigger the virus payload. All objects in the current drawing will be erased and replaced by the malware author's text as shown below:





Analysis by Jakub Kaminski
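The following triage script is an added example, not part of the Microsoft write-up. It walks a directory tree, finds every file named acad.lsp, and reports those that redefine the l, e or z shortcuts named above. It assumes a takeover appears as an AutoLISP command definition of the form (defun c:l ...); the function names, folder names and sample file contents are constructed for illustration.

```python
import os
import re
import tempfile

# Shortcuts the write-up names as hijacked: l (.line), e (.erase), z (.zoom).
WATCHED = {"l", "e", "z"}
# Assumption: a takeover shows up as an AutoLISP command definition, (defun c:<name> ...).
DEFUN_RE = re.compile(r"\(\s*defun\s+c:([^\s()]+)", re.IGNORECASE)
# Matches a string literal (kept) or a ';' comment running to end of line (dropped).
COMMENT_RE = re.compile(r'("(?:\\.|[^"\\])*")|;[^\n]*')

def strip_comments(text):
    """Remove ';' line comments so commented-out definitions are not flagged."""
    return COMMENT_RE.sub(lambda m: m.group(1) or "", text)

def hijacked_shortcuts(text):
    """Return the watched shortcuts that this AutoLISP source redefines."""
    names = {m.lower() for m in DEFUN_RE.findall(strip_comments(text))}
    return sorted(names & WATCHED)

def scan_tree(root):
    """Map each acad.lsp under root to the watched shortcuts it redefines."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == "acad.lsp":
                path = os.path.join(dirpath, name)
                with open(path, encoding="latin-1") as fh:
                    found = hijacked_shortcuts(fh.read())
                if found:
                    hits[path] = found
    return hits

# Constructed samples, not taken from the virus: harmless bodies only.
BENIGN = '(defun c:mybox () (princ))\n; (defun c:l () (princ))\n'
SUSPECT = '(defun C:L () (princ "x"))\n(defun c:e () (princ))\n(defun c:zz () (princ))\n'

def demo():
    """Build two constructed drawing folders and scan them."""
    with tempfile.TemporaryDirectory() as root:
        for sub, body in (("clean", BENIGN), ("job42", SUSPECT)):
            os.makedirs(os.path.join(root, sub))
            with open(os.path.join(root, sub, "acad.lsp"), "w") as fh:
                fh.write(body)
        return {os.path.basename(os.path.dirname(p)): v for p, v in scan_tree(root).items()}
```

A hit is a lead for manual review rather than a verdict, since a legitimate acad.lsp may also define short command names.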

Symptoms

The following can indicate that you have this threat on your PC:

  • You see this message when you open your AutoCAD files:

Last update 07 November 2014

 
