BadBunny macro worm targets OpenOffice

Stephen Withers
Tuesday, 22 May 2007 07:54

Your IT - Home IT

A proof of concept macro worm attacking OpenOffice on Windows, Mac OS X and Linux has been received by security software company Sophos but not yet detected in the wild.

The BadBunny worm arrives in an OpenOffice Draw file called badbunny.odg, and attempts to uses different techniques to propagate according to the platform it finds itself on.

"This harks back to the old days of malware when it was written to show off computer prowess," observed SophosLabs director Mark Harris, but "this particular author seems to have trouble because the sample we received didn't work... my message to the author is, don't bother, get a real job, but don't bother applying to join SophosLabs. In fact judging by the poor quality of what was submitted, I would recommend a completely different career."

BadBunny uses JavaScript viruses on Windows, Ruby on Mac, and Perl on Linux. It tries to spread to other computers by sending itself via XChat or mIRC file transfers.

"This is not a piece of malware which we expect to see spreading in the wild, despite its use of a photograph of unusual wildlife," said Graham Cluley, senior technology consultant at Sophos.

The name comes from a pornographic picture of a man dressed as a rabbit that is downloaded and displayed by the worm.