Site Network: Beskerming.com | Skiifwrald.com | Jongsma & Jongsma

Security for All

Sûnnet Beskerming is a company with a focus and a drive to provide Information Security services for all those who want to stay safe and secure in an online world.

Username: | Password: Contact us to request an account

OpenOffice.org - Remote hacker automatic control

Version: All
Technical Details:

A macro worm, dubbed 'BadBunny', targeting OpenOffice.org has been discovered by Sophos (after the developers forwarded it to them). This worm is multi-platform, with different payload infections based on the current operating system (Windows, Linux and OS X are targeted). Dropped files target mIRC and X-Chat, which are then used to distribute the worm to other users. Other dropped files target various scripting languages (JavaScript, Perl, Ruby) and will also attempt basic network attacks against various antivirus and Information Security company websites.

Description:

Antivirus vendor, Sophos, has identified a new worm that is targeting the popular OpenOffice.org alternative office productivity suite. Separating the worm from most other macro worms is its ability to attack Windows, Linux, and OS X systems from the same infection (a different attack is launched based on what system is being used). Although the worm has been discovered in the wild, and it will attempt to gain control of vulnerable systems, it is not widespread at this time - the only known copy was forwarded directly to the Sophos antivirus team.

Mitigation:

Update to the latest antivirus definitions files, and apply caution when interacting with OO.o files from untrusted sources, particularly files which contain macros. Consider using OO.o from a lesser privileged account until appropriate patches can be released.

Updates:

Not Yet Available

Source:

http://www.sophos.com/security/analyses/sbbadbunnya.html

Exploits:

External Tracking Data:

http://www.sophos.com/security/analyses/sbbadbunnya.html


Social bookmark this page