Bursted is a virus written for AutoCAD's embedded scripting language,
AutoLISP. It replicates in a separate file, "acad.lsp" that is automatically
executed by AutoCAD. It does not affect the actual drawing files.
Detailed Description
The virus arrives in a file "acad.lsp" that is located in the same directory
as the AutoCAD drawing files. When the drawing is opened, AutoCAD will
automatically load and execute the contents of the "acad.lsp".
The virus copies itself to AutoCAD's Support directory as "acadapp.lsp". The
virus also appends the load command to the "acad.lsp" in the Support
directory, so the virus will be executed every time when AutoCAD is started.
After that the virus will copy itself to every directory as "acad.lsp" from
where the user opens AutoCAD drawings.
Payload
The virus hooks three AutoCAD internal commands - EXPLODE, XREF and XBIND -
effectively disabling them. Additionally the virus will change the existing
BURST command so that it will display the following message:
![](/images/pixel.gif"){kind=tracking}
