OpenOffice worm hits Mac, Linux and Windows

By Munir Kotadia, ZDNet Australia
Monday, June 11, 2007 11:49 AM

Malware targeting OpenOffice documents is spreading through multiple operating systems including Mac OS, Windows and Linux, according to Symantec.

According to the Symantec Security Response Web site, the worm is capable of infecting multiple operating system platforms and is spreading.

The advisory said: "A new worm is being distributed within malicious OpenOffice documents. The worm can infect Windows, Linux, and Mac OS X systems. Be cautious when handling OpenOffice files from unknown sources."

In an interview with ZDNet Australia last week, Jan Hruska, who co-founded rival antivirus firm Sophos and was one of the first ever PC antivirus experts, said that the Apple Mac is not a virus-free platform.

"Viruses on the Mac are here and now. They are available and they are moving around--it is not as though the Mac is in some miraculous way a virus free environment.

"In terms of numbers, the number of viruses coming out for non-Mac platforms is higher. It gives a false impression that somehow Apple Macs are all virus free," said Hruska.

The worm was first spotted late last month but at the time, it was not thought to be "in the wild".

Once opened, the OpenOffice file (badbunny.odg) launches a macro that behaves in several different ways depending on the user's operating system.

On Windows systems, it drops a file called drop.bad which is moved to the system.ini in the user's mIRC folder, while executing the JavaScript virus badbunny.js that replicates to other files in the folder.

On Apple Mac systems, the worm drops one of two Ruby script viruses in files called badbunny.rb and badbunnya.rb.

On Linux systems, the worm drops both badbunny.py as an XChat script and badbunny.pl as a Perl virus.

Symantec rates the worm "medium risk".
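
Because the worm arrives as a macro inside an OpenOffice document, a file can be checked for embedded macros before it is opened. The following is an added example, not code from the article or from Symantec: it assumes the usual OpenDocument packaging, where the file is a ZIP archive that keeps StarBasic libraries under Basic/ and other scripts under Scripts/, and it runs on sample packages constructed in memory. A hit means the document should be reviewed, not that it is malicious.

```python
import io
import zipfile

# Package directories where OpenDocument files keep executable content
# (assumption stated in the lead-in): Basic/ for StarBasic libraries,
# Scripts/ for other script languages. Compared case-insensitively.
MACRO_PREFIXES = ("basic/", "scripts/")


def build_sample(with_macro):
    """Construct a minimal ODF-like package in memory (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("mimetype", "application/vnd.oasis.opendocument.graphics")
        z.writestr("content.xml", "<office:document-content/>")
        if with_macro:
            z.writestr("Basic/Standard/Module1.xml", "<script:module/>")
            z.writestr("Basic/script-lc.xml", "<library:libraries/>")
    return buf.getvalue()


def macro_entries(data):
    """Return the sorted macro/script entries found in an ODF package.

    Raises ValueError when the bytes are not a ZIP container, so a renamed
    or corrupt file is reported instead of being treated as clean.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
    except zipfile.BadZipFile as exc:
        raise ValueError("not an OpenDocument (ZIP) package") from exc
    return sorted(
        n for n in names
        if n.lower().startswith(MACRO_PREFIXES) and not n.endswith("/")
    )


def triage(data):
    """Classify a document as 'clean', 'has-macros' or 'unreadable'."""
    try:
        return "has-macros" if macro_entries(data) else "clean"
    except ValueError:
        return "unreadable"


if __name__ == "__main__":
    for label, blob in (("macro sample", build_sample(True)),
                        ("plain sample", build_sample(False)),
                        ("junk bytes", b"not a zip")):
        print(label, "->", triage(blob))
```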



Talkback 4 comments

Seems the only platform that it actually "does" anything is Windows. I have been running Linux since 1999, and Windows since 1991, DOS since 1987, but exclusively Windows and Linux side by side since 1999. The only OS I have ever had any malware on is Windows. I have worked places (hosting providers) that had far more BSD and Linux servers than Windows servers, and Linux can be hacked, BSD less so because those users seem to keep the security levels tight on their servers, while the Linux server owners tend to install scripts that allow backdoor access to theirs. Of the several Windows servers, one was down constantly, owner didn't know how to set access rights and was constantly getting "hacked" over his remote desktop. The other Windows servers did their job, but as far as I can tell Windows is best left to the corporate desktop where big companies can afford major firewalls and IT security personnel. In the server room left to one or two mundane tasks, and no access to the system level except by authorized admins, Windows is good for that too. Ok, it does SQL stuff ok and has a snazzy interface for the DBM's, but who knows if your data will still be compatible with future versions. As a home user, I have never had a virus, spyware, adware, etc., on my Linux box, not so true with the Windows box. No I haven't tried Vista yet, and no don't tell me how much better it is. I heard the same thing about XP. XP is ok, but it is a little slow. On two identical laptops, except for the OS, Linux smokes XP. I don't mean DSL (damn small linux) or some other stripped down stuff either. Previously I was running Slackware 10.2, currently I am running Debian 4. I normally have dozens of apps running on the desktop, music or videos playing, plus all the background extras I have running, apache, postfix, MySQL, etc, etc... and it's still very responsive and a pleasure to use.
I can open about 4 desktop apps on Windows before it's a strain to even get the mouse across the screen to click something and wait 4 minutes for it to open. It gets a little better if I turn the XP eye candy off, but then the desktop goes from tacky ugly to plain old ugly. Oh, and don't install any extra fonts, sheesh, talk about a Windows killer. I guess I could go through and delete some fonts I don't use, but which ones are those exactly? Gee, I hope I didn't delete that font I need for the Power Point or Word document I'm going to get, eventually. Anyway on Mac and Linux/BSD this worm is not something to really worry about. It drops programs onto the system that SOMEONE needs to execute for them to do anything. Someone might, but I almost doubt it. Windows, however, actually allows malicious activity on the system. Fix your user rights, don't run as an administrator, and for pete's sake don't freaking open documents from strangers. Now I am getting curious, I think I might go hunt this thing down and have a look at it.
Posted by JP Howard on Monday, June 11 2007 06:39 PM

This is an issue with anything that can execute built-in macros--MS Office, OpenOffice.org, whatever. The solution is simple: just turn off macro execution in OpenOffice.org. That's what I do anyway, simply since it's a prudent thing to do.
Posted by The Spitzmeister on Tuesday, June 12 2007 05:13 AM

Both users are right. This is not a vulnerability, people. There is nothing to patch. Macros have the same permissions as you, thus can do what you can. Luckily the permissions of the *nix variants require you to chmod u+x, then execute the file. Whereas the Windows variant is done automatically.
Posted by J. Miller on Tuesday, June 12 2007 07:48 AM

Oh, Wonderful! Where do I get that "virus"? I have always wanted to see how does a virus behave in my Linux boxes. You know, being a Linux sysadmin sometimes gets so boring ; )
Posted by anonymous on Tuesday, June 12 2007 02:34 PM

