Posted by: Amker
« on: 08. June 2007., 20:20:35 »
…was the case that they gave me. SB.Badbunny, a fairly novel OpenOffice macro virus that attempts to spread via IRC. The novelty comes partly from the attention-grabbing trendiness of working on OpenOffice and many Unix-based operating systems (Linux and Macintosh included), but also from its use of a variety of scripting languages to improve portability. Badbunny doesn't just use the OpenOffice macro language, but has components written in Ruby, JavaScript, Python and Perl.
What makes this virus worth mentioning is that it illustrates how easily scripting platforms, extensibility, plug-ins, ActiveX, etc., can be abused. The rapid development nature of these platforms applies to the latest Web 2.0 websites as well as the latest malware threat. All too often this is forgotten in the pursuit to match features with another vendor. Fortunately, in this case the ease of use of these scripting languages attracted an amateur developer who wrote multiple critical bugs in the code, causing Badbunny to barely replicate.
Given that web servers are one area where operating systems are still mixed and matched, and where the open-source webserver Apache rules [3], the ability for malware to survive in a cross-platform, cross-application environment has particular relevance as more and more malware is pushed out via websites. How long until someone uses something like this to drop a JavaScript infector on a web server, regardless of platform? Well, we've already seen even more sophisticated attacks, with 3rd party advertisers, redirecting iframes, JavaScript and ANI/ActiveX vulnerabilities. Malware authors have even turned this into a c2c (criminal to criminal) business of sorts [2]. They just didn't advertise it with a man in a bunny suit. They were trying to make money.