Virus exploits Web 2.0 technology to cross platforms
A computer virus for the free OpenOffice productivity software is spreading across computers that use the Windows, Mac and Linux operating systems, security researchers said Monday.
The worm, dubbed Badbunny, is being distributed in OpenOffice-formatted documents, Symantec Corp. said in a notice published on its website. OpenOffice is a free, open-source suite of office programs whose development is sponsored by Sun Microsystems Inc. and is available for multiple operating systems in a variety of languages.
Badbunny was spotted in May and classified as a proof-of-concept virus — one that demonstrates a technique to compromise a computer but is not really aimed at causing harm. It wasjudged to pose little risk to anyone since it was not believed to be propagating on the internet or "in the wild."
"The worm can infect Windows, Linux, and Mac OS X systems," the notice states. "Be cautious when handling OpenOffice files from unknown sources."
"What makes this virus worth mentioning is that it illustrates how easily scripting platforms, extensibility, plug-ins, ActiveX, etc., can be abused," Symantec security researcher Stuart Smith wrote in a post to the company's Security Response weblog on June 7. "The rapid development nature of these platforms applies to the latest Web 2.0 websites as well as the latest malware threat."
Fortunately, Smith noted, Badbunny's author was apparently an "amateur" whose programming skills left the worm's code filled with bugs, making it difficult for the malware to reproduce itself.
When opened, the worm tries to create files named "badbunny" and infect all files contained in the folder in which it was opened. It might display the message: "Your system has been infected with: Dropper for Badbunny by SkyOut," then initiate a countdown. It may also display a pornographic picture of a man in a bunny suit.
At least one variant tries to spread through the online chat protocol internet relay chat (IRC) when users of mIRC messaging software launch the program.