Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
 
Latest Comments
"Good! Its very good blog the for the people who are having debit collection and credit report ..."
on Fake Microsoft anti-spyware site stealing credit card info
by identity theft lawyers | Jul 4, 2009 6:55 PM
 
"nothing"
on Ads on Facebook serving up adware
by UMAIR | Jul 4, 2009 5:54 PM
 
"Thank you "
on Search engine promises completely private surfing
by Dr. Holub | Jul 4, 2009 11:17 AM
 
"Agree that wireless hotspots are an easy way for hackers to gather information from connected ..."
on New devices make hotspots a hacker's paradise
by Patrick Hooper | Jul 3, 2009 4:06 AM
 
"Katarzyna what has this got to do with Symantec?? "
on Mobile phone directory service faces consumer uproar
by PaulC | Jul 2, 2009 12:55 PM
Web

Badbunny worm attacks OpenOffice across Windows, Mac and Linux

  • Email a Friend
  • Print Page
Badbunny worm attacks OpenOffice across Windows, Mac and Linux
Related Articles
By Jim Carr
May 24, 2007 7:31 AM
Tags: Multiplatform | Badbunny | worm | attacks | OpenOffice | across | Windows | Mac | and | Linux
A proof-of-concept multiplatform macro worm that can attack OpenOffice on Windows, Mac and Linux PCs, has been sent to security vendor Sophos.
The "Badbunny" worm attempted to download and display an indecent JPG image of a bunny-suited man.

The SB/Badbunny-A worm could infect users who open an OpenOffice Draw file called badbunny.odg, researchers at the Boston-based vendor said. A macro included in the file performed different functions depending on whether the user is running Windows, the Mac operating system or Linux.

The "upside" of Badbunny, said Ron O'Brien, a senior security analyst at Sophos, "is that it was not found in the wild. It was sent directly to the Sophos lab."

However, its existence has negative security ramifications for Mac and Linux users, he said.

"It's in a category of what we'd call "proof of concept," and it's the first volley of malware that operates on all three platforms," said O'Brien.

"It's clearly an indication that this person is making a statement about whether one operating system is more insecure than another, and we can expect to see additional malware that's capable of operating across multiple platforms."

In Windows, the worm dropped a file called drop.bad, which moves to the system.ini file in a mIRC folder. It also dropped and executed badbunny.js, a JavaScript virus that replicates to other files in the folder, according to Sophos.

On Mac, the worm dropped one of two Ruby script viruses (in files called badbunny.rb or badbunnya.rb).

On Linux operating systems, it dropped badbunny.py as an XChat script and badbunny.pl, a Perl virus infecting other Perl files.

Linux and Mac users "need to be more diligent in providing protection for the machines with those operating systems," said O'Brien. "Up to this point, they've been able to avoid what some consider the added expense of spending money on software and resources required to maintain up-to-date anti-virus software."

In May 2006, Sophos researchers discovered the first malware for StarOffice, Sun Microsystems’ commercial productivity suite. Called the Stardust virus, that malware attempted to download a picture of porn star Silvia Saint.

 
Ads by Google
Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 
Exclusive Data Centre - Sponsored Content by Microsoft
 
Vulnerabilities & Exploits Whitepapers
 
Popular Tags
apple applications attacks download flaw java mac malware microsoft osx patch patches security system tored tuesday updates vulnerability websites windows