The recent OpenOffice worm may be a sign that malware writers are starting to target the increasingly popular open-source software, industry experts say.
First discovered last month, the OpenOffice macro-based worm is spread through a file called badbunny.odg. The worm, named SB/Badbunny-A, affects OpenOffice users on Windows, Linux and Mac platforms.
Wilvin Chee, research director of IDC's Asia-Pacific software research group, noted that the OpenOffice worm could be an isolated incident but it could also indicate malware writers are starting to capitalise on the rising popularity of open-source software.
"But we have to see how much of this malware is coming out into the open," Chee said.
Symantec said the prevalence of the Badbunny worm in the wild is "very low". The impact on businesses and consumers has so far been minimal, thanks to coding errors in the worm that limit its ability to spread, Symantec said. As of 12 June, the security vendor has not received any new reports of the threat from customers.
Ooi Szu-Khiam, senior security consultant at Symantec Singapore, said that the author of the Badbunny worm has clearly noted that OpenOffice has been downloaded over 80 million times and saw in it the opportunity to create something that could work across many platforms.
"Malware creators are always on the lookout for new avenues to exploit in order to spread their worms and Trojans, and the home-user sector is a particularly attractive target," Ooi said.
According to Symantec's latest Internet Security Threat report, 98 percent of all targeted attacks in the Asia-Pacific region are aimed at consumers.
Ooi noted that open-source software in itself is not more vulnerable to attacks compared to proprietary software. He added that history has shown that the majority of security flaws are still found in closed-source and proprietary software from vendors such as Microsoft, Oracle and IBM.
Moreover, Ooi said, if open source is a key reason for security vulnerabilities, there should be more instances of vulnerabilities in open-source software, but this is currently not the case. "The popularity of a software and/or operating system is still the major factor in determining its attractiveness to malware creators," he noted.
Ooi said that malware creators, such as software developers, have always been looking at ways to write software once and run it on many platforms.
"If you can develop something that will work reliably across Windows, Linux and Mac, then you'll obviously get a lot more bang for your buck," he said. "Malware creators are also in pursuit of this goal."
Ooi added: "As long as there is a potential to profit, cause widespread disruption, or to be the first to create a malware, you will find malware creators pushing the envelope in those spaces".
"The constant evolution of threats has proven malware creators to be very creative in their endeavours," Ooi said.
Aaron Tan writes for ZDNet Asia.
That malware authors would target open-source software once it started to become mainstream was inevitable.
It has long been a mantra of the open-source community that vulnerabilities are fixed in a few days, instead of a few months as with proprietary software. I have no doubt that the OpenOffice community will address this issue post-haste, if they haven't already. On another open-source front, I have seen the speed with which Firefox flaws are corrected and this is usually far faster than Microsoft fixing Internet Explorer flaws.
When malware authors see that their worms are thwarted by rapid, concerted community action, perhaps they'll realise that the days of widespread attacks of this nature are numbered. And as more businesses see the cost savings incurred as a result of the open-source community's rapid responses to attacks, perhaps the days of the massive proprietary-software companies will be numbered as well.