Who's your daddy?

May 22, 2007 06:29 GMT

The OpenOffice Bunny virus does not discriminate between platforms and humps Windows, Mac OS X and Linux. BadBunny is in fact the first piece of malware to affect the open source productivity suite OpenOffice. According to security company Sophos, SB/Badbunny-A is a multiplatform OpenOffice macro worm. The OpenOffice/StarBasic macro worm is designed to drop scripts in several languages, but Sophos considers it only a minor threat.

According to the security company, following the initial infection the worm will download and display a JPEG image. The picture included on the left is a segment of that image, courtesy of Sophos. The "scene" has been cropped to focus on the bunny, but the complete JPEG involves a sexual act.

"The group responsible for writing the BadBunny malware don't seem to have much confidence in it spreading as they have sent it directly to our labs. The hackers have written plenty of StarBasic malware in the past, but the most 'in the wild' this one is likely to get is by displaying a picture of a furvert in the woods," said Graham Cluley, senior technology consultant for Sophos. "This is old-school malware - seemingly written to show off a proof of concept rather than a serious attempt to spy on and steal from computer users. A financially motivated hacker would have targeted more widely used software and not incorporated such a bizarre image. This is not a piece of malware which we expect to see spreading in the wild, despite its use of a photograph of unusual wildlife."

The security company has warned users to steer clear of "badbunny.odg" files because they are in fact malformed OpenOffice Draw documents. The malicious macro in the file will corrupt the machine whether it is running Windows, Mac OS X or Linux. Sophos has not disclosed whether Windows Vista is affected.

On the Windows platform, the worm drops a malicious file named "drop.bad". The dropped file is then moved to system.ini in your mIRC folder, if it exists. Additionally, the worm will execute a JavaScript virus dubbed badbunny.js, which is designed to replicate to additional files.

On the Mac OS X operating system, SB/Badbunny-A delivers badbunny.rb or badbunnya.rb, two Ruby script viruses. On Linux platforms, it delivers badbunny.pl, a Perl virus.
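A defensive check for documents like the "badbunny.odg" file described above, as an added example that is not from Sophos or the original article: OpenDocument files are ZIP packages, and embedded StarBasic macro libraries are stored under a `Basic/` directory inside them. The function names and the sample documents are constructed for illustration.

```python
import io
import sys
import zipfile

ODF_MIME_PREFIX = b"application/vnd.oasis.opendocument."

def build_sample(with_macro):
    """Build a harmless, constructed ODF Draw package in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("mimetype", ODF_MIME_PREFIX + b"graphics")
        z.writestr("content.xml", "<office:document-content/>")
        if with_macro:
            # Layout OpenOffice uses for Basic libraries inside a document
            z.writestr("Basic/script-lc.xml", "<library:libraries/>")
            z.writestr("Basic/Standard/Module1.xml",
                       "<script:module>Sub Main\nEnd Sub</script:module>")
    return buf.getvalue()

def scan_odf(data):
    """Classify raw file bytes; returns (verdict, macro_entries)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
            mimetype = z.read("mimetype") if "mimetype" in names else b""
    except zipfile.BadZipFile:
        # Not a valid ZIP package: do not open it in an office suite
        return "unreadable", []
    macros = sorted(n for n in names
                    if n.startswith("Basic/") and not n.endswith("/"))
    if macros:
        return "macros", macros
    if not mimetype.startswith(ODF_MIME_PREFIX):
        return "not-odf", []
    return "clean", []

if __name__ == "__main__":
    # Scan files named on the command line, e.g. mail attachments
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            verdict, entries = scan_odf(fh.read())
        print(path, verdict, *entries)
```

A "macros" verdict only means the document carries Basic code, not that the code is malicious; it marks the file for review before anyone opens it with macros enabled.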