Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
Latest Comments
"Concerned man's comments seem to intimate that if I'm using agents all will be well but the ..."
on Shavlik Technologies to broaden its patch management offerings
by Werner K | Nov 26, 2008 8:36 PM
 
"That will enhance Microsoft Office system, including SharePoint - good platform for enterprise ..."
on Companies have security to consider with in-the-cloud Office
by SGE | Nov 25, 2008 3:29 PM
 
"how many users allow per session? because the digital persona password manager allows only 10 ..."
on DigitalPersona Pro Workstation/Pro Server
by Daniel | Nov 25, 2008 12:14 AM
 
"security through obscurity...shows how detached HIPAA is from reality."
on Privacy breaches causing business instability
by priceOfFishInChina | Nov 20, 2008 1:19 PM
 
"I have been the recipient of Agent.JEN.Trojan through an email suggesting a UPS parcel (including..."
on Trojan disguised as UPS delivery note
by Vincent Laing | Nov 13, 2008 4:01 PM
Web

Badbunny worm attacks OpenOffice across Windows, Mac and Linux

  • Email a Friend
  • Print Page
Badbunny worm attacks OpenOffice across Windows, Mac and Linux
Related Articles
By Jim Carr
May 24, 2007 7:31 AM
Tags: Multiplatform | Badbunny | worm | attacks | OpenOffice | across | Windows, | Mac | and | Linux
The "Badbunny" worm attempted to download and display an indecent JPG image of a bunny-suited man.

The SB/Badbunny-A worm could infect users who open an OpenOffice Draw file called badbunny.odg, researchers at the Boston-based vendor said. A macro included in the file performed different functions depending on whether the user is running Windows, the Mac operating system or Linux.

The "upside" of Badbunny, said Ron O'Brien, a senior security analyst at Sophos, "is that it was not found in the wild. It was sent directly to the Sophos lab."

However, its existence has negative security ramifications for Mac and Linux users, he said.

"It's in a category of what we'd call "proof of concept," and it's the first volley of malware that operates on all three platforms," said O'Brien.

"It's clearly an indication that this person is making a statement about whether one operating system is more insecure than another, and we can expect to see additional malware that's capable of operating across multiple platforms."

In Windows, the worm dropped a file called drop.bad, which moves to the system.ini file in a mIRC folder. It also dropped and executed badbunny.js, a JavaScript virus that replicates to other files in the folder, according to Sophos.

On Mac, the worm dropped one of two Ruby script viruses (in files called badbunny.rb or badbunnya.rb).

On Linux operating systems, it dropped badbunny.py as an XChat script and badbunny.pl, a Perl virus infecting other Perl files.

Linux and Mac users "need to be more diligent in providing protection for the machines with those operating systems," said O'Brien. "Up to this point, they've been able to avoid what some consider the added expense of spending money on software and resources required to maintain up-to-date anti-virus software."

In May 2006, Sophos researchers discovered the first malware for StarOffice, Sun Microsystems’ commercial productivity suite. Called the Stardust virus, that malware attempted to download a picture of porn star Silvia Saint.

 
Ads by Google
Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 
Tripwire - Click here to win an iTouch
 
 
Vulnerabilities & Exploits Whitepapers
 
Popular Tags
exploit file fix flaw hackers kernel mac microsoft outofcycle patch proofsofconcept released reports rogue two virus vista vulnerabilities windows worm