A group of malware developers have produced a proof-of-concept virus called BadBunny that uses OpenOffice macros. The code was sent directly to SophosLabs, which has already issued virus protection updates. Sophos technology consultant Graham Cluley describes BadBunny as "old-school malware seemingly written to show off a proof of concept rather than a serious attempt to spy on and steal from computer users." The virus, which is embedded in a specially crafted OpenOffice Draw document, can execute scripts with user-level permissions and attempts to propagate itself across the Internet via mIRC and XChat.
The BadBunny virus provides insight into the security failings of OpenOffice. The most notable aspect of the BadBunny virus is its cross-platform nature; it can successfully infect Windows, Mac OS X, and Linux systems and is capable of propagating itself on both Windows and Linux. Although it uses OpenOffice's generic macro language as the delivery mechanism, the BadBunny virus payload contains an assortment of scripts specialized for each target platform. On Windows, BadBunny uses JavaScript, on Mac OS X it uses Ruby, and on Linux it uses Perl and Python.
News source: Ars Technica
16 Comments - Add comment