The "Badbunny" worm attempted to download and display an indecent JPG image of a bunny-suited man.
The SB/Badbunny-A worm could infect users who open an OpenOffice Draw file called badbunny.odg, researchers at the Boston-based vendor said. A macro included in the file performed different functions depending on whether the user is running Windows, the Mac operating system or Linux.
The "upside" of Badbunny, said Ron O'Brien, a senior security analyst at Sophos, "is that it was not found in the wild. It was sent directly to the Sophos lab."
However, its existence has negative security ramifications for Mac and Linux users, he said.
"It's in a category of what we'd call "proof of concept," and it's the first volley of malware that operates on all three platforms," said O'Brien.
"It's clearly an indication that this person is making a statement about whether one operating system is more insecure than another, and we can expect to see additional malware that's capable of operating across multiple platforms."
On Mac, the worm dropped one of two Ruby script viruses (in files called badbunny.rb or badbunnya.rb).
On Linux operating systems, it dropped badbunny.py as an XChat script and badbunny.pl, a Perl virus infecting other Perl files.
Linux and Mac users "need to be more diligent in providing protection for the machines with those operating systems," said O'Brien. "Up to this point, they've been able to avoid what some consider the added expense of spending money on software and resources required to maintain up-to-date anti-virus software."
In May 2006, Sophos researchers discovered the first malware for StarOffice, Sun Microsystems’ commercial productivity suite. Called the Stardust virus, that malware attempted to download a picture of porn star Silvia Saint.
Badbunny worm attacks OpenOffice across Windows, Mac and Linux
By Jim Carr on May 24, 2007 7:31AM
A proof-of-concept multiplatform macro worm that can attack OpenOffice on Windows, Mac and Linux PCs, has been sent to security vendor Sophos.
Got a news tip for our journalists? Share it with us anonymously here.