
BadBunny runs little wild: A worm for Windows, Mac, and Linux


BadBunny, a proof-of-concept virus introduced last month, is now affecting systems on a larger scale. The virus, which spreads via malicious OpenOffice documents, infects Windows, Linux, and Mac OS X systems.

Excerpt from an article at ZDNet:

"A new worm is being distributed within malicious OpenOffice documents. The worm can infect Windows, Linux and Mac OS X systems," according to a Symantec Security Response advisory. "Be cautious when handling OpenOffice files from unknown sources."

The virus executes different components for different operating systems that it detects:

  • On Windows: It copies a file called drop.bad to the system.ini file in the user's mIRC folder and executes the JavaScript virus badbunny.js, which replicates to other files in the folder.
  • On Linux: It drops badbunny.py as an XChat script and drops badbunny.pl, a Perl virus infecting other Perl files.
  • On Mac: It installs one of two Ruby script viruses (in files called badbunny.rb or badbunnya.rb).
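
A triage sweep for the file names listed above, as an added example (not code from the article or from the Symantec advisory): it walks the given directories and reports any file whose name matches one named on this page. A renamed variant evades name matching, so a hit is a lead for analysis and a miss proves nothing; the directory layout in `demo()` is constructed.

```python
import os
import tempfile

# File names reported on this page, mapped to the component that uses them.
INDICATORS = {
    "badbunny.odg": "carrier document",
    "drop.bad": "Windows (mIRC component)",
    "badbunny.js": "Windows (JavaScript component)",
    "badbunny.py": "Linux (XChat script)",
    "badbunny.pl": "Linux (Perl file infector)",
    "badbunny.rb": "Mac OS X (Ruby component)",
    "badbunnya.rb": "Mac OS X (Ruby component)",
}


def sweep(roots):
    """Walk each root and return sorted (path, component) pairs for matching names."""
    hits = []
    for root in roots:
        if not os.path.isdir(root):
            continue  # absent profile directories are normal on a mixed fleet
        # os.walk skips unreadable directories by default and does not follow symlinks.
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                # Compare lower-cased: Windows and default Mac volumes ignore case.
                component = INDICATORS.get(name.lower())
                if component:
                    hits.append((os.path.join(dirpath, name), component))
    return sorted(hits)


def demo():
    """Build a constructed directory tree (empty files only) and sweep it."""
    layout = [
        "home/u/.xchat2/BadBunny.py",      # constructed: matches despite the case change
        "home/u/src/tool.pl",              # constructed: unrelated Perl file, no hit
        "home/u/Downloads/badbunny.odg",   # constructed: carrier document name
        "mirc/drop.bad",                   # constructed
        "mirc/system.ini",                 # constructed: not an indicator by name
    ]
    with tempfile.TemporaryDirectory() as tmp:
        for rel in layout:
            path = os.path.join(tmp, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return [(os.path.relpath(p, tmp).replace(os.sep, "/"), c) for p, c in sweep([tmp])]


if __name__ == "__main__":
    for path, component in demo():
        print(f"{component:32} {path}")
```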

Sources:

Virus Exploits Web 2.0 Technology to Cross Platforms (CBC News)

OpenOffice virus Badbunny hops across Operating Systems (CNET News.com)

With cross-platform applications being touted as the next wave of applications syncing the Web with the desktop, the potential damage that an OS-hopping worm can cause is gargantuan. Like everything else on the Net, Web 2.0 and other disruptive technologies are also prone to getting "mal-utilized." Are the developers of next-gen "Web-plication platforms" taking notice? Join the discussion.

14 comments
pr.arun

Though the virus is not spreading on a massive scale, it is supposed to be just a proof-of-concept of how the added functionalities to browsers and other web applications can be exploited for malicious intent. But it all comes down to this: You have to open the 'badbunny.odg' file to execute the virus. Hence, WATCH YOUR ATTACHMENTS. Personal caution is still the best remedy.

pr.arun

Is this the ugly face of the Web 2.0?

Neil Higgins

Of course it was only a matter of time before the rabbits "hit" Linux. The morons that produce malicious code should be made to pay for all the damage they do by being zapped into oblivion (moan over). The only ones who will benefit are the anti virus companies, and tech gurus, who will make a mint out of quickly producing "flush-medicine" for the masses. Welcome to 2007.

Locrian_Lyric

those PC vs MAC commercials with MAC boasting that they never get viruses.....

mactekvic

My first reaction is to think who would want OpenOffice to have problems. I wonder if any Microsoft internal e-mails hold the answer. And, maybe this virus was intentionally introduced to firm up Web 2.0's security overall. These are only wild accusations. I'm a Mac protectionist who has a deep but historically well founded lack of distrust in anything Microsoft being anything but either a knockoff and/or buggy. Whereas the control freaks at Microsoft have the most to lose from Open Source development, Apple has always rallied behind Open Source projects. Mac allies would lack a motive to cripple Microsoft's competitors and limit Open Source projects. I have no doubt that Mac users will be spared the carnage because we have excellent alternative offerings and proactive protections from the Apple Products and Developers divisions. Sadly, if we want to maintain communications with our challenged PC brethren we must speak their language. (I strongly encourage you to see the TechRepublic article on Safari for Windows). Sincerely, Still arrogant, and blissfully ignorant

CIO at Alphabetas

And you have defined an issue that haunts the development world: security. There are few bottom line issues so clear that most app developers are trying something new for them as well as their clients or companies, and unless they have some training in it, security is an afterthought at best.

pr.arun

Symantec has rated the worm as a 'medium' level threat which goes with the fact that the worm was used to exhibit capabilities of mal-ware with the increased use of software that's cross platform. As for the security of Mac, compared to all the blame that can be put over Windows, it is a fact that Windows has been stressed a lot more obviously owing to its large user base and claims can only be validated when user-bases are comparable. As for the worm spreading due to a vulnerability in the OpenOffice software, this is what Red Hat had to say: "the Badbunny issue does not exploit a vulnerability in OpenOffice.org and updates are not required for this issue." I believe that it's owing to the increased functionality that is being added into the apps (plug-ins) that to some extent does make them prone to being exploited. Perhaps developers need to think inside out on the ways in which the features can get exploited.

CIO at Alphabetas

I don't think it takes any shine off of any OS. And we DO make the distinctions when they are on MS as well, except that so often the vuls are also a MS product. Also, I don't think the userbase is smug; they're smart and well informed, which can come across as smug to people that don't have the depth of knowledge to make distinctions at a very fine level. Such as the OS. The issue is not that Macs are unhackable and Windows is wide open. The distinction is that once an OS virus or exploit is crafted, the damage level it is able to do is directly proportionate to the OS's ability to handle "unexpected" results or consequences. What MS fanbois don't EVER seem to want to admit is that the Windows OS is inherently flawed and MUCH easier to exploit. Given the same vul on each OS, I'd rather be on a Mac as remediation, even up to reinstalling everything, is so much easier on the Mac with its drag and drop restores and such.

boomchuck1

Sure, this is an application vulnerability, but nobody seems to make that distinction when the target is a MS machine. The issue here is that regardless of the OS you are using you can get attacked by a virus. The Mac and Linux crowd is way too smug in claiming that they are somehow immune, but here we are with the office suite of choice for the open source crowd coming up with a major vulnerability that will infect your computer regardless of the OS. OOo may not have the market that MS Office has but there are a lot of folks out there using it, myself included on my home PC. As a proof of concept you've got to admit that this takes a little bit of shine off OS-X and Linux.

mkleinpaste

I get so tired of hearing people go on about percentages but forget to look at the quality of the viruses when they do attack an OS. In this case if you don't have open office installed, no worries. So, yeah. Not a "Mac" virus.

CIO at Alphabetas

Folks, this ain't a Mac virus issue, so please don't start some retarded flame war here about it. This is, like all the other recent vulnerabilities posted on the Mac lately, simply an application vulnerability. First: On any platform, what is the risk if you do not use the application, in this case Open Office? The author of this Blog did not dig into this and give us any detail, so you guys are yammering about the Mac. Second, we know firsthand that application vulnerabilities are the easiest vector into Xcode. Nobody has ever assumed that virus writers would stay happy just cramming stuff down the windows open kernel forever. Now they are smart enough to realize that by attacking specific applications they can get more done, rather than just the OS. The fact that the exploit in this case also replicates itself and spreads is just the logical conclusion of this type of activity, and frankly we have feared the marriage of exploits would have happened a long time ago, and I guess we've been lucky til now. Throwing buzzwords around or claiming it has something to do with numbers of users is foolish. If that reasoning is sound, why write a wormed exploit for open office, when MS Office is 50 times more prevalent and easier to exploit? It is not a Mac exploit, or a Linux exploit, or even a Windows exploit. It is a weakness in the Application, taken advantage of by a clever and patient programmer with low morals. Now, if someone actually comes up with a real MacOS virus that isn't patched within 30 days, that will be interesting and informative. This is just more misunderstood hype from the press and I am frankly surprised anyone here falls for it.

pr.arun

The virus as such has not been proliferating and infecting systems on a massive scale. This is more like a warning sign to show how the greater integration and cross-platform nature of applications also creates a conduit for malicious software to flow through as well.

Locrian_Lyric

Of the Mac folks... Never thought they could get hit by a virus. I wonder how they will react....

pr.arun

The vulnerability of a system is directly proportional to the number of people using the system. If I were a malware writer, what would I choose to infect, a system with 1% of user base (Mac base is growing though) or one that has market-wide adoption (Windows of course). It's logical that way.