Cross-platform Proof-of-concept virus for OpenOffice.org

A group of malware developers have produced a proof-of-concept virus called BadBunny that uses OpenOffice macros. The code was sent directly to SophosLabs, which has already issued virus protection updates. Sophos technology consultant Graham Cluley describes BadBunny as "old-school malware seemingly written to show off a proof of concept rather than a serious attempt to spy on and steal from computer users." The virus, which is embedded in a specially crafted OpenOffice Draw document, can execute scripts with user-level permissions and attempts to propagate itself across the Internet via mIRC and XChat.

The BadBunny virus provides insight into the security failings of OpenOffice. The most notable aspect of the BadBunny virus is its cross-platform nature; it can successfully infect Windows, Mac OS X, and Linux systems and is capable of propagating itself on both Windows and Linux. Although it uses OpenOffice's generic macro language as the delivery mechanism, the BadBunny virus payload contains an assortment of scripts specialized for each target platform. On Windows, BadBunny uses JavaScript, on Mac OS X it uses Ruby, and on Linux it uses Perl and Python.

News source: Ars Technica

Report a problem with article
Previous Story

Skype 3.2.0.152

Next Story

SharkTorrent 0.1.4 Beta

16 Comments

Interesting that while it can infect all three systems, it can only propagate on Windows and Linux, but not OS X. Has there been a "proof of concept" virus yet that could? Not that I've ever seen.

Infection is worse for the end user than propogation. Who cares about the rest of the world! Why is my **** gone? Tell me someone who wouldn't be thinking like that.

Plus, if you read how it's done.. mIRC & XChat.. It's just automating things. They probably didn't get around to doing that part for OSX either due to lack of a good IRC client or some other reason. If you have access to delete stuff, you most definately have access to run stuff and hide it.

There are great IRC clients out there for the Mac... I think Colloquy does pretty much everything but I haven't used it enough.

And.. not everybody is that egoistic by the way, some people do care about getting others infected. Some people really don't give **** about the others :suspicious:

A virus using this technique wouldn't be able to break a system outright, but documents for a user could easily be deleted or stolen.

simon360 said,
A virus using this technique wouldn't be able to break a system outright, but documents for a user could easily be deleted or stolen.
Agreed. An infection is an infection.

simon360 said,
A virus using this technique wouldn't be able to break a system outright, but documents for a user could easily be deleted or stolen.
Good point

well, microsoft just made tools to make office files safer. Maybe it's time for openoffice to do the same, it's essentially the same problem as the vba macros in ms office.

It's sad really, everytime the software companies make something that makes the life of users easier (in this case macro's) someone abuses it

please correct me if im wrong but isn't freebsd, linux or something?

just thought that there the same or something :S please don't hurt me :redface:

W4rn33n9 said,
please correct me if im wrong but isn't freebsd, linux or something?

just thought that there the same or something :S please don't hurt me :redface:

You're pretty close. FreeBSD is UNIX, and Linux is... well, Linux. Each, however, share lots of attributes.

Call me crazy but I personally think that a cross platform virus would be the natural evolution of infections online.

Think of a cold. It doesn't hit one specific type of person but all people.

Good thing I don't use Open Office.

End of the day, this was probably coded by someone who needs to wipe out the competition.

Commenting is disabled on this article.