The first cross-platform worm specifically tailored for the open-source OpenOffice.org and StarOffice productivity suites has raised a few hackles in open-source circles, since it appears to tarnish the suite’s reputation for security.

In some ways, the worm, which Sophos calls SB/Badbunny-A, is insignificant. It is not very well written, and is so unlikely to spread that the virus writers e-mailed it to Sophos themselves, the company said.

What has open-source fans riled, however, is the fact that a functional worm exists at all that can exploit OpenOffice’s scripting features to carry out potentially malicious actions and to spread over the Internet.

Macro viruses have been around for decades and are a well-known problem for Microsoft Office. That makes it all the more perplexing, some industry commentators said, that a proof-of-concept worm has been put together that can exploit the relatively new, open-source OpenOffice suite in exactly the same way. Badbunny executes when a user opens a file called badbunny.odg. It attempts to download and display an indecent picture of a man in a bunny suit performing a sexual act in the woods, according to Sophos.

The worm carries out different actions depending on the operating system, working on Mac OS X, Linux and Windows, the company said. On Linux it attempts to spread via XChat or mIRC scripts. Sophos Director Mark Harris said the worm appeared to have been written solely to prove that OpenOffice and StarOffice can easily support such malware.

“This harks back to the old days of malware when it was written to show off computer prowess,” Harris said in a blog post.
“The focus has changed over the years and is now about making money.”

Some in the open-source community said it was absurd that no mechanism has been put in place, even in modern, open-source applications, to do away with such dangers as macro viruses.

“We’ve known about macro viruses for 20 years, and the danger of putting executable code in documents for about the same, and yet, in 2007, an open-source application, backed by a major Unix vendor is released with this vulnerability?” wrote one reader on the Slashdot discussion site. “Apparently many eyes do not make bugs shallow.”

—Matthew Broersma, Techworld.com