M
MacHeadCase
Guest
MacInTouch has an article today about a potential hazard to Macs, an OpenOffice worm distributed in malicious OpenOffice docs. The article gives three links: OpenOffice worm Badbunny hops across operating systems from CNET.com:
SB/BadBunny-A from anti-virus maker Sophos:
About Security, BadBunny, and Macros from OpenOffice:
So if you work extensively with OpenOffice, just make double sure of the files' origins.
"A new worm is being distributed within malicious OpenOffice documents. The worm can infect Windows, Linux and Mac OS X systems," according to a Symantec Security Response advisory. "Be cautious when handling OpenOffice files from unknown sources."
Apple's Mac OS is not a virus-free platform, said Jan Hruska, who co-founded rival antivirus firm Sophos and was one of the first ever PC antivirus experts.
"Viruses on the Mac are here and now. They are available, and they are moving around. It is not as though the Mac is in some miraculous way a virus-free environment," Hruska said. "The number of viruses coming out for non-Mac platforms is higher. It gives a false impression that somehow, Apple Macs are all virus-free." ...
SB/BadBunny-A from anti-virus maker Sophos:
SB/BadBunny-A is a multi-platform worm written in several scripting languages and distributed as an OpenOffice.org document containing a StarBasic macro.
SB/BadBunny-A spreads by dropping malicious script files that affect the behavior of the popular IRC programs mIRC and X-Chat, causing them send SB/BadBunny-A to other users. These malicious script files are named badbunny.py (for XChat) and script.ini (for mIRC, overwriting the existing mIRC file) and are also detected as SB/BadBunny-A.
SB/BadBunny-A drops different additional components depending on the platform on which it is running: [...] On MacOS, it drops one of two possible files named badbunny.rb and badbunnya.rb that are Ruby file infectors also detected as SB/BadBunny-A.
About Security, BadBunny, and Macros from OpenOffice:
It is possible in any capable macro language, including that used by OpenOffice.org, to write simple 'virus-like' programs. Currently, OpenOffice.org follows industry best practice to mitigate the risk. If the software detects macros in a document being opened, by default it displays a warning and will only run the macro if the user specifically agrees. In any macro-capable tool, it is essential to verify the origin and authenticity of the document before executing macros. To this end, OpenOffice.org has also included advanced digital signature capabilities. ...
So if you work extensively with OpenOffice, just make double sure of the files' origins.