A group of malware developers has produced a proof-of-concept virus that uses OpenOffice macros. The virus, which is embedded in a specially crafted OpenOffice Draw document, can execute scripts with user-level permissions and attempts to propagate itself across the Internet via mIRC and XChat. Called BadBunny, the virus displays a picture of a man dressed like a rabbit engaged in... relations with a scantily-clad woman.
BadBunny has not been released into the wild and was apparently created exclusively for the purpose of demonstrating potential OpenOffice macro vulnerabilities. The developers sent the proof-of-concept code directly to SophosLabs, which has already issued virus protection updates to protect Sophos users from viruses using similar mechanisms. Sophos technology consultant Graham Cluley describes BadBunny as "old-school malware seemingly written to show off a proof of concept rather than a serious attempt to spy on and steal from computer users."
Although the BadBunny virus does not pose an immediate threat to users, it exhibits some unusual properties that provide insight into the security failings of OpenOffice and reveal attack vectors that could potentially be used in the future. The most notable aspect of the BadBunny virus is its cross-platform nature. It can successfully infect Windows, Mac OS X, and Linux systems and is capable of propagating itself on both Windows and Linux.