X
Tech

OpenOffice worm hits Mac, Linux and Windows

update Malware targeting OpenOffice documents is spreading through multiple operating systems including Mac OS, Windows and Linux, according to Symantec.According to the Symantec Security Response Web site, the worm is capable of infecting multiple operating system platforms and is spreading.
Written by Munir Kotadia, Contributor

update Malware targeting OpenOffice documents is spreading through multiple operating systems including Mac OS, Windows and Linux, according to Symantec.

According to the Symantec Security Response Web site, the worm is capable of infecting multiple operating system platforms and is spreading.

The advisory said: "A new worm is being distributed within malicious OpenOffice documents. The worm can infect Windows, Linux, and Mac OS X systems. Be cautious when handling OpenOffice files from unknown sources".

In an interview with ZDNet Australia on Thursday, Dr Jan Hruska, who co-founded rival antivirus firm Sophos and was one of the first ever PC antivirus experts, said that Apple Mac's are not a virus-free platform.

"Viruses on the Mac are here and now. They are available and they are moving around -- it is not as though the Mac is in some miraculous way a virus free environment.

"In terms of numbers, the number of viruses coming out for non-Mac platforms is higher. It gives a false impression that somehow Apple Macs are all virus free," said Hruska.

The worm was first spotted late last month but at the time, it was not thought to be "in the wild".

Once opened the OpenOffice file (badbunny.odg) launches a macro that behaves in several different ways depending on the user's operating system.

On Windows systems, it drops a file called drop.bad which is moved to the system.ini in the user's mIRC folder, while executing the Javascript virus badbunny.js that replicates to other files in the folder.

On Apple Mac systems, the worm drops one of two Ruby script viruses in files called badbunny.rb and badbunnya.rb.

On Linux systems, the worm drops both badbunny.py as an XChat script and badbunny.pl as a Perl virus.

Symantec rates the worm "Medium Risk".

Editorial standards