OpenOffice Worm Hits Mac, Linux and Windows

  • Author
    • #1412
      Don Donzal

      Article by Munir Kotadia of ZDNet Australia:

      Update: Malware targeting OpenOffice documents is spreading through multiple operating systems including Mac OS, Windows and Linux, according to Symantec.

      According to the Symantec Security Response Web site, the worm is capable of infecting multiple operating system platforms and is spreading.

      The advisory said: “A new worm is being distributed within malicious OpenOffice documents. The worm can infect Windows, Linux, and Mac OS X systems. Be cautious when handling OpenOffice files from unknown sources”.

      In an interview with ZDNet Australia on Thursday, Dr Jan Hruska, who co-founded rival antivirus firm Sophos and was one of the first ever PC antivirus experts, said that Apple Macs are not a virus-free platform.

      “Viruses on the Mac are here and now. They are available and they are moving around — it is not as though the Mac is in some miraculous way a virus free environment.

      “In terms of numbers, the number of viruses coming out for non-Mac platforms is higher. It gives a false impression that somehow Apple Macs are all virus free,” said Hruska.

      The worm was first spotted late last month but at the time, it was not thought to be “in the wild”.

      Once opened, the OpenOffice file (badbunny.odg) launches a macro that behaves in several different ways depending on the user’s operating system.

      On Windows systems, it drops a file called drop.bad which is moved to the system.ini in the user’s mIRC folder, while executing the JavaScript virus badbunny.js that replicates to other files in the folder.

      On Apple Mac systems, the worm drops one of two Ruby script viruses in files called badbunny.rb and badbunnya.rb.

      On Linux systems, the worm drops both as an XChat script and as a Perl virus.

      Symantec rates the worm “Medium Risk”.

      For original article:
      Click here.
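
An added example, not part of the original post or the quoted article: since the worm described above runs from a macro embedded in an OpenOffice document, this sketch inspects an ODF package for embedded macro modules and macro event bindings before the file is opened. The package layout (Basic/ and Scripts/ directories, script-lb.xml and script-lc.xml index files, the `script:event-listener` and `vnd.sun.star.script:` markers) is stated as an assumption, and the sample documents are constructed in memory and harmless.

```python
import io
import zipfile

# Assumed ODF package layout: Basic macro libraries live under Basic/, macros in
# other script languages under Scripts/; script-l?.xml files are library indexes.
MACRO_DIRS = ("Basic/", "Scripts/")
INDEX_FILES = ("script-lb.xml", "script-lc.xml")
# Markers of an event bound to a macro inside the document XML.
EVENT_MARKERS = (b"script:event-listener", b"vnd.sun.star.script:")

def scan_odf(data):
    """Return macro modules and macro event bindings found in an ODF package."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        raise ValueError("not a ZIP-based ODF package")
    modules, bindings = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for name in pkg.namelist():
            if name.endswith("/"):
                continue  # directory entry, no content
            if name.startswith(MACRO_DIRS) and not name.endswith(INDEX_FILES):
                modules.append(name)
            elif name.endswith(".xml") and any(m in pkg.read(name) for m in EVENT_MARKERS):
                bindings.append(name)
    return {"modules": sorted(modules), "bindings": sorted(bindings),
            "suspicious": bool(modules or bindings)}

def build_sample(with_macro):
    """Build a constructed, harmless .odg-like package in memory for the demo."""
    listener = (b'<script:event-listener script:event-name="dom:load" '
                b'xlink:href="vnd.sun.star.script:Standard.Module1.Main'
                b'?language=Basic&amp;location=document"/>') if with_macro else b""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("mimetype", "application/vnd.oasis.opendocument.graphics")
        pkg.writestr("content.xml", b"<office:document-content>" + listener +
                     b"</office:document-content>")
        pkg.writestr("Basic/script-lc.xml", b"<library:libraries/>")
        if with_macro:
            pkg.writestr("Basic/Standard/Module1.xml",
                         b"<script:module>Sub Main\nEnd Sub</script:module>")
    return buf.getvalue()

if __name__ == "__main__":
    for label, macro in (("clean", False), ("macro", True)):
        print(label, scan_odf(build_sample(macro)))
```

A hit means the document carries macro code or binds an event to one; it does not by itself mean the macro is malicious.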


    • #13044

      In light of the new worm, I wrote a quick how-to on disabling/severely limiting macros and Java in OO:


Copyright ©2020 Caendra, Inc.
