OpenOffice worm Badbunny hops across operating systems

Malicious software, spreading through OpenOffice documents, "can infect Windows, Linux and Mac OS X systems," Symantec says.
Written by Munir Kotadia, Contributor
Malicious software targeting OpenOffice.org documents is spreading through multiple operating systems, according to Symantec.

"A new worm is being distributed within malicious OpenOffice documents. The worm can infect Windows, Linux and Mac OS X systems," according to a Symantec Security Response advisory. "Be cautious when handling OpenOffice files from unknown sources."

Apple's Mac OS is not a virus-free platform, said Jan Hruska, who co-founded rival antivirus firm Sophos and was one of the first ever PC antivirus experts.

"Viruses on the Mac are here and now. They are available, and they are moving around. It is not as though the Mac is in some miraculous way a virus-free environment," Hruska said. "The number of viruses coming out for non-Mac platforms is higher. It gives a false impression that somehow, Apple Macs are all virus-free."

The worm was first spotted late last month, but at the time, it was not thought to be "in the wild."

Once opened, the OpenOffice file, called badbunny.odg, launches a macro that behaves in several different ways, depending on the user's operating system.

On Windows systems, it drops a file called drop.bad, which is moved to the system.ini file in the user's mIRC folder. It also executes the JavaScript virus badbunny.js, which replicates to other files in the folder.

On Apple Mac systems, the worm drops one of two Ruby script viruses in files respectively called badbunny.rb and badbunnya.rb.

On Linux systems, the worm drops both badbunny.py as an XChat script and badbunny.pl as a Perl virus.

Symantec rates the worm as a "medium risk."

Munir Kotadia of ZDNet Australia reported from Sydney.

Editorial standards