 |
To print: Select File and then Print from your browser's menu
-------------------------------------------------------------- This story was printed from ZDNet Asia. --------------------------------------------------------------
|
OpenOffice macro worm exposes bad bunny
By Brett Winterford
Wednesday, May 23 2007 10:34 AM URL: http://www.zdnetasia.com/news/security/0,39044215,62015161,00.htm Sophos has warned users of the multi-platform OpenOffice productivity tool not to open any files named "badbunny.odg", which releases a worm exposing users to an image of a man in a bunny suit and a scantily clad woman performing a sexual act in woodland. The macro-based worm, named SB/Badbunny-A, does not appear to pose any threat to infected systems aside from downloading and displaying the pornographic JPEG image. But the virus does expose some holes in the productivity tool. Users that open badbunny.odg launch a macro that behaves in several different ways depending on the user’s operating system. On Windows systems, it drops a file called drop.bad which is moved to the system.ini in the user’s mIRC folder, while executing the Javascript virus badbunny.js that replicates to other files in the folder. On Apple Mac systems, the worm drops one of two Ruby script viruses in files called badbunny.rb and badbunnya.rb. On Linux systems, the worm drops both badbunny.py as an XChat script and badbunny.pl as a Perl virus. "This is old-school malware--seemingly written to show off a proof of concept rather than a serious attempt to spy on and steal from computer users," says Graham Cluley, senior technology consultant for antivirus vendor Sophos. "A financially motivated hacker would have targeted more widely used software and not incorporated such a bizarre image. This is not a piece of malware which we expect to see spreading in the wild, despite its use of a photograph of unusual wildlife." Sophos has posted an edited version of the image on its Web site. |