Results 1 to 3 of 3

Thread: MacInTouch: "badbunny" OpenOffice worm

  1. #1
    MacInTouch: "badbunny" OpenOffice worm
    MacInTouch has an article today about a potential hazard to Macs, an OpenOffice worm distributed in malicious OpenOffice docs. The article gives three links: OpenOffice worm Badbunny hops across operating systems from

    "A new worm is being distributed within malicious OpenOffice documents. The worm can infect Windows, Linux and Mac OS X systems," according to a Symantec Security Response advisory. "Be cautious when handling OpenOffice files from unknown sources."

    Apple's Mac OS is not a virus-free platform, said Jan Hruska, who co-founded rival antivirus firm Sophos and was one of the first ever PC antivirus experts.

    "Viruses on the Mac are here and now. They are available, and they are moving around. It is not as though the Mac is in some miraculous way a virus-free environment," Hruska said. "The number of viruses coming out for non-Mac platforms is higher. It gives a false impression that somehow, Apple Macs are all virus-free." ...
    SB/BadBunny-A from anti-virus maker Sophos:

    SB/BadBunny-A is a multi-platform worm written in several scripting languages and distributed as an document containing a StarBasic macro.

    SB/BadBunny-A spreads by dropping malicious script files that affect the behavior of the popular IRC programs mIRC and X-Chat, causing them send SB/BadBunny-A to other users. These malicious script files are named (for XChat) and script.ini (for mIRC, overwriting the existing mIRC file) and are also detected as SB/BadBunny-A.

    SB/BadBunny-A drops different additional components depending on the platform on which it is running: [...] On MacOS, it drops one of two possible files named badbunny.rb and badbunnya.rb that are Ruby file infectors also detected as SB/BadBunny-A.
    About Security, BadBunny, and Macros from OpenOffice:

    It is possible in any capable macro language, including that used by, to write simple 'virus-like' programs. Currently, follows industry best practice to mitigate the risk. If the software detects macros in a document being opened, by default it displays a warning and will only run the macro if the user specifically agrees. In any macro-capable tool, it is essential to verify the origin and authenticity of the document before executing macros. To this end, has also included advanced digital signature capabilities. ...
    So if you work extensively with OpenOffice, just make double sure of the files' origins.

  2. #2

    Member Since
    Mar 19, 2007
    Torrance, CA
    Thanks for the info MHC!

  3. #3

    jotdess's Avatar
    Member Since
    May 03, 2007
    Thanks for the heads up MHC.
    Great spirits have always encountered violent opposition from mediocre minds.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 4
    Last Post: 09-28-2017, 03:29 AM
  2. Replies: 4
    Last Post: 10-04-2015, 01:28 PM
  3. Replies: 7
    Last Post: 05-09-2012, 06:06 AM
  4. "RECYCLERS" 'isee.exe' Worm locked in my trash - advice?
    By RaphaeliteGirl in forum macOS - Operating System
    Replies: 10
    Last Post: 01-09-2009, 08:21 AM
  5. Got "Worms", "Viruses" and "Bugs" in your puter?
    By in forum Schweb's Lounge
    Replies: 14
    Last Post: 06-15-2004, 03:18 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts