OpenOffice Pseudo Virus Downloads Bunny Porn
A post on the virus blog VirusList is warning users about a macro virus that affects the OpenOffice and StarOffice suites. No doubt a number of engineers in Redmond are cackling with delight, but in fact the virus technically isn’t a virus at all and poses little or no threat to users.
As with any macro system, a script written in StarBasic — the macro scripting language of the OpenOffice suite — can execute any arbitrary code that a user allows it to execute.
In the case of this new proof-of-concept macro, the code is embedded in a Draw file named badbunny.odg.
The macro in question will ask users if they would like to execute the script. Should the user be foolish enough to agree, the script will attempt to download and display a bit of porn — an image of a man wearing a bunny suit performing a sex act in the woods. Yes, you did read that right.
Because StarBasic macros run on any platform that OpenOffice does, the “virus” can affect Windows, Linux and Mac OS X. The results vary somewhat according to your system. According to APC, the macro will do the following depending on the system it runs on:
- Windows: The worm drops a file called drop.bad which is then moved to system.ini in your mIRC folder (if you have one) and also drops and executes badbunny.js which is a JavaScript virus that replicates to other files in the folder.
- MacOS: The worm drops one of two Ruby script viruses (in files called badbunny.rb or badbunnya.rb).
- Linux: The worm drops badbunny.py as an XChat script and also drops badbunny.pl which is a tiny Perl virus infecting other Perl files.
The makers of OpenOffice are understandably somewhat annoyed at this bit of code being called a virus since it doesn’t execute arbitrary code without user permission and can’t self-replicate.
A short announcement sent to an OpenOffice mailing list reads:
The OpenOffice.org engineers take the security of the software very seriously, and will react promptly to any new issues. This “proof of concept” virus is not new information, and does not require a software patch. Technically, it is not even a virus, as it is not “self-replicating” - with OpenOffice.org’s default settings, it cannot spread without user intervention.
As with anything, never trust a file from unknown sources. As long as users are smart enough to follow that timeless advice they should be in no danger whatsoever.
[Photo from APC]
