Malware targeting OpenOffice documents is spreading through multiple operating systems including Mac OS, Windows and Linux, according to Symantec.
According to the Symantec Security Response website, the worm is capable of infecting multiple operating system platforms and is spreading.
The advisory said: "A new worm is being distributed within malicious OpenOffice documents. The worm can infect Windows, Linux, and Mac OS X systems. Be cautious when handling OpenOffice files from unknown sources".
The worm was first spotted late last month but at the time, it was not thought to be "in the wild".
Once opened, the OpenOffice file (badbunny.odg) launches a macro that behaves in several different ways depending on the user's operating system.
On Windows systems, it drops a file called drop.bad which is moved to the system.ini in the user's mIRC folder, while executing the Javascript virus badbunny.js that replicates to other files in the folder.
On Apple Mac systems, the worm drops one of two Ruby script viruses in files called badbunny.rb and badbunnya.rb.
On Linux systems, the worm drops both badbunny.py as an XChat script and badbunny.pl as a Perl virus.
Symantec rates the worm "medium risk".
Talkback
Hey my friend, BadBunny is a macro.
Do you know what is MACRO?
When you execute this "badbunny.odg" OpenOffice.Org ask you if YOU want execute this MACRO. If you answer YES, this macro is launched.
If I send you a BAT File (Windows Systems) that have command "del C:\Windows\System32\*" and you execute this bat file, do you rate this bat file as a VIRUS??
Blarghhhhhhhhhh. BadBunny is a simple MACRO!!!!!!!!!!!
Best regards,
Renato S. Yamane
Brazil
GNU/Debian User
>Hey my friend, BadBunny is a macro.
>Do you know what is MACRO?
Symantec obviously don't. *Lol*
Wei-Yee Chan
http://chanweiyee.blogspot.com