OpenOffice worm hits Mac, Linux and Windows

OpenOffice worm hits Mac, Linux and Windows

Summary: update Malware targeting OpenOffice documents is spreading through multiple operating systems including Mac OS, Windows and Linux, according to Symantec.According to the Symantec Security Response Web site, the worm is capable of infecting multiple operating system platforms and is spreading.

SHARE:

update Malware targeting OpenOffice documents is spreading through multiple operating systems including Mac OS, Windows and Linux, according to Symantec.

According to the Symantec Security Response Web site, the worm is capable of infecting multiple operating system platforms and is spreading.

The advisory said: "A new worm is being distributed within malicious OpenOffice documents. The worm can infect Windows, Linux, and Mac OS X systems. Be cautious when handling OpenOffice files from unknown sources".

In an interview with ZDNet Australia on Thursday, Dr Jan Hruska, who co-founded rival antivirus firm Sophos and was one of the first ever PC antivirus experts, said that Apple Mac's are not a virus-free platform.

"Viruses on the Mac are here and now. They are available and they are moving around -- it is not as though the Mac is in some miraculous way a virus free environment.

"In terms of numbers, the number of viruses coming out for non-Mac platforms is higher. It gives a false impression that somehow Apple Macs are all virus free," said Hruska.

The worm was first spotted late last month but at the time, it was not thought to be "in the wild".

Once opened the OpenOffice file (badbunny.odg) launches a macro that behaves in several different ways depending on the user's operating system.

On Windows systems, it drops a file called drop.bad which is moved to the system.ini in the user's mIRC folder, while executing the Javascript virus badbunny.js that replicates to other files in the folder.

On Apple Mac systems, the worm drops one of two Ruby script viruses in files called badbunny.rb and badbunnya.rb.

On Linux systems, the worm drops both badbunny.py as an XChat script and badbunny.pl as a Perl virus.

Symantec rates the worm "Medium Risk".

Topics: Security, Apple, Hardware, Linux, Malware, Microsoft, Open Source, Reviews, Windows

Munir Kotadia

About Munir Kotadia

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.

Munir was recognised as Australia's Best Technology Columnist at the 5th Annual Sun Microsystems IT Journalism Awards 2007. In the previous year he was named Best News Journalist at the Consensus IT Writers Awards.

He no longer uses his Commodore 64.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

5 comments
Log in or register to join the discussion
  • Bill Gates is behind this

    I'm pretty sure M$ is getting really desperate, and attacking OpenOffice is part of their new offensive strategy.
    anonymous
  • Bad Bunny?

    I'm pretty sure I dated her back in college.

    Neil Anderson
    http://www.cyclelogicpress.com
    anonymous
  • Open Source is for the birds

    More proof that we need to avoid all open source offerings
    anonymous
  • Very Ignorant

    Mac users hate hate hate OpenOffice for Mac, its stable version still runs under X11. No Mac users I know uses OpenOffice, they mostly use Microsoft Office, iWork, and NeoOffice. As for worms and viruses, how does this actually affect the host? It's 90% Java. Scripts are not viruses, they're scripts that automate things. On UNIX-based systems the damage is only to the user that runs the program, and since OpenOffice.org is userland, there is no doubt in my mind that the worm as you claim it is, is useless. It's easy to cleanup. Windows XP and 2000 users heed warning though, default administrator privileges are what'll get you. Unfortunately, until Vista has there been less emphisis on needing administrative ability.
    anonymous
  • More proof that we need to avoid all open source offerings

    NONSENS !
    the free World has to survive!
    anonymous