OpenOffice.org Worm In The Wild

Author
Aron Schatz
Posted
June 11, 2007
Views
6734

Page All:

Page 1
Be sure to keep your systems up to date. And I mean all of them including Linux and Mac. The worm in the wild goes after all the OSes that OO.org runs on.

Quote

Once opened, the OpenOffice file, called badbunny.odg, launches a macro that behaves in several different ways, depending on the user's operating system. On Windows systems, it drops a file called drop.bad, which is moved to the system.ini file in the user's mIRC folder. It also executes the JavaScript virus badbunny.js, which replicates to other files in the folder. On Apple Mac systems, the worm drops one of two Ruby script viruses in files respectively called badbunny.rb and badbunnya.rb. On Linux systems, the worm drops both badbunny.py as an XChat script and badbunny.pl as a Perl virus.

Title

Medium Image View Large