McAfee yawns at pornographic OpenOffice virus sample

Summary:Anti-virus experts are giving a collective thumbs-down to a proof-of-concept virus targeting OpenOffice and StarOffice, dismissing the creation as a silly publicity stunt.

BadBunny - OpenOffice/StarOffice
Anti-virus experts are giving a collective thumbs-down to a proof-of-concept virus targeting OpenOffice and StarOffice, dismissing the creation as a silly publicity stunt.

Sophos, an anti-virus company with headquarters in the U.K., first warned about the "in the wild" BadBunny sample, which infects the target when an OpenOffice Draw file is opened.

A macro included in the file performs different functions depending on whether you are running Windows, MacOS or Linux, Sophos said.

  • On Windows, the worm drops a file called drop.bad which is then moved to system.ini in your mIRC folder (if you have one) and also drops and executes badbunny.js which is a JavaScript virus that replicates to other files in the folder.
  • On Ma cOS, itworm drops one of two Ruby script viruses (in files called badbunny.rb or badbunnya.rb)
  • On Linux, the worm drops badbunny.py as an XChat script and also drops badbunny.pl which is a tiny Perl virus infecting other Perl files.

Sophos said the dropped XChat and mIRC scripts are used to replicate and distribute the virus, and they initiate DCC transfers to others of the original badbunny.odg OpenOffice file.

McAfee researcher Vinoo Thomas has written dismissively about BadBunny:

In all likelihood this virus will not be seen in the wild. Such proof of concepts are written more to show off the so-called elite skills of the author and are usually submitted to AntiVirus vendors by the virus authors to get media attention. Nowadays with all the keen media interest in computer security, all it takes is to add a bell or whistle and a little proof of concept makes headlines.

This virus group had previously released a proof of concept virus targeting StarOffice christened StarOffice/StarDust which downloaded a picture of the porn star Sylvia Saint. In this variant it downloads something on similar lines - a pornographic image of a man dressed as a rabbit making out with a scantily clad woman in the woods. Sigh!

Still, McAfee has released definition updates for the virus, which is programed to launch denial-of-service attacks against a list of anti-virus vendor sites.

Topics: Security

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.