The two main types of viruses that can affect AutoCAD are VBA macros embedded in drawing files and AutoLISP that runs automatically when a drawing is opened.
VBA Macro Viruses
AutoCAD installations have included VBA since AutoCAD 2000, making it possible to embed VBA projects into drawing files. Once it is part of a drawing, a macro can become active when the drawing is loaded. If that drawing is shared with others, the macro has the potential to affect any computer on which it is active. VBA macros are capable of manipulating your drawing data, accessing your hard drive and registry, and even calling Windows API methods.
An AutoLISP-based virus typically occurs via an AutoLISP file that runs automatically when a drawing is opened. Such startup AutoLISP files include:
acad<version number>doc.lsp (e.g. acad2013doc.lsp): An Autodesk-provided file that runs every time a drawing is opened
acad<version number>.lsp (e.g.acad2013.lsp): An Autodesk-provided file that runs once when AutoCAD is launched
acaddoc.lsp: A user-created file that runs every time a drawing is opened
acad.lsp: An older-style file that runs once when AutoCAD is launched
The primary way you would get an AutoLISP-based virus would be through one of these files. Typically, someone receives a .zip file or an archive containing drawing files and one of these starts up AutoLISP files. When the user extracts the archive to a folder and loads one of the drawings, the included AutoLISP file is also loaded. That’s all it takes to initiate the virus. Once this rogue file is loaded, it will execute its contents.
Don’t underestimate the power of AutoLISP. Not only is it an extremely powerful programming language for AutoCAD, but it is also capable of
Executing AutoCAD commands
Running VBA macros
Executing Windows apps using the (startapp) method
Creating, modifying, and deleting files on your computer
Providing full access to your Windows registry
How to Avoid Viruses in AutoCAD 2013:
Service Pack 1 for AutoCAD 2013 includes new security options that help prevent malware and viruses. Details can be found in the following document:
AutoLISP and VBA Security Controls in AutoCAD 2013 SP1
How to Avoid Viruses in AutoCAD versions prior AutoCAD 2013:
Most leading antivirus packages are aware of the most common AutoLISP viruses and will quarantine the AutoLISP files when detected. You can also decrease your odds of getting one of these viruses by developing the following habits:
Never blindly extract an archive without checking its contents
AutoLISP-based viruses usually get into a system because they accompany other files. When you receive an archive (.zip, .rar, etc.), always inspect the contents before unpacking them onto a network or local drive. Be wary of archives that also include executables (.exe), ObjectARX files (.arx), or AutoLISP or VBA files.
Never run an unknown AutoLISP file or VBA macro without inspecting it first
There are many useful VBA and AutoLISP files available for download and shared by users and programmers all over the world. Most of these are probably fine, but if you don’t know where a file came from, you shouldn’t assume it is safe. VBA and AutoLISP are powerful languages that are capable of operations that will affect more than just the current drawing. Unless you are completely confident about the origin of a file and its creator, it’s worth the extra time to inspect the file before using it.
Enable the macro virus protection in AutoCAD
Anticipating the potential for problem macros, AutoCAD software has long included an option to warn you when opening a drawing or project file that includes embedded macros. From that warning dialog box, you can disable the macros before they are able to execute. The warning dialog box is enabled by default in AutoCAD; if, for any reason, this dialog display becomes disabled, it can be turned back on by running the VBARUN command, choosing the Options button, and checking “Enable macro virus protection.” This setting will be saved in the current profile.
By following these tips and using a little diligence and common sense, you can easily avoid introducing viruses into your AutoCAD work environment.