• This forum is for posting news stories or links from rumor sites. When you start a thread, please include a link to the site you're referencing.

    THIS IS NOT A FORUM TO ASK "WHAT IF?" TYPE QUESTIONS.

    THIS IS NOT A FORUM FOR ASKING QUESTIONS ABOUT HOW TO USE YOUR MAC OR SOFTWARE.

    This is a NEWS and RUMORS forum as the name implies. If your thread is neither of those things, then please find the appropriate forum to ask your question.

    If you don't have a link to a news story, do not post the thread here.

    If you don't follow these rules, then your post may be deleted.

MacInTouch: "badbunny" OpenOffice worm

M

MacHeadCase

Guest
MacInTouch has an article today about a potential hazard to Macs, an OpenOffice worm distributed in malicious OpenOffice docs. The article gives three links: OpenOffice worm Badbunny hops across operating systems from CNET.com:

"A new worm is being distributed within malicious OpenOffice documents. The worm can infect Windows, Linux and Mac OS X systems," according to a Symantec Security Response advisory. "Be cautious when handling OpenOffice files from unknown sources."

Apple's Mac OS is not a virus-free platform, said Jan Hruska, who co-founded rival antivirus firm Sophos and was one of the first ever PC antivirus experts.

"Viruses on the Mac are here and now. They are available, and they are moving around. It is not as though the Mac is in some miraculous way a virus-free environment," Hruska said. "The number of viruses coming out for non-Mac platforms is higher. It gives a false impression that somehow, Apple Macs are all virus-free." ...
Click to expand...

SB/BadBunny-A from anti-virus maker Sophos:

SB/BadBunny-A is a multi-platform worm written in several scripting languages and distributed as an OpenOffice.org document containing a StarBasic macro.

SB/BadBunny-A spreads by dropping malicious script files that affect the behavior of the popular IRC programs mIRC and X-Chat, causing them send SB/BadBunny-A to other users. These malicious script files are named badbunny.py (for XChat) and script.ini (for mIRC, overwriting the existing mIRC file) and are also detected as SB/BadBunny-A.

SB/BadBunny-A drops different additional components depending on the platform on which it is running: [...] On MacOS, it drops one of two possible files named badbunny.rb and badbunnya.rb that are Ruby file infectors also detected as SB/BadBunny-A.
Click to expand...

About Security, BadBunny, and Macros from OpenOffice:

It is possible in any capable macro language, including that used by OpenOffice.org, to write simple 'virus-like' programs. Currently, OpenOffice.org follows industry best practice to mitigate the risk. If the software detects macros in a document being opened, by default it displays a warning and will only run the macro if the user specifically agrees. In any macro-capable tool, it is essential to verify the origin and authenticity of the document before executing macros. To this end, OpenOffice.org has also included advanced digital signature capabilities. ...
Click to expand...

So if you work extensively with OpenOffice, just make double sure of the files' origins.
 
MikeYMS

MikeYMS


Joined
Mar 19, 2007
Messages
428
Reaction score
24
Points
18
Location
Torrance, CA
Your Mac's Specs
Mac mini w/ 2.33GHz Intel Core 2 Duo, 2GB 667Mhz DDR2 SDRAM
Thanks for the info MHC! :)
 

Shop Amazon


Shop for your Apple, Mac, iPhone and other computer products on Amazon.
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.
Top