OpenOffice.org "Badbunny" worm hops across operating systems
John McCabe-Dansted
gmatht at gmail.com
Sat Jun 16 04:53:34 BST 2007
On 6/12/07, Scott (angrykeyboarder) <geekboy at angrykeyboarder.com> wrote:
> Malicious software targeting OpenOffice.org documents is spreading
> through multiple operating systems (Including Linux), according to
> Symantec....
>
> http://news.com.com/OpenOffice+worm+Badbunny+hops+across+operating+systems/2100-7349_3-6189961.html?tag=html.alert.hed
>
> (or http://preview.tinyurl.com/2qmqjj if you prefer).
One of the main protections Ubuntu had against viruses was that all
potentially dangerous code was downloaded from trusted repos. Macros
remove this defence. It would seem wise to react to this before the
problem grows. To bring macros in line with other program code,
perhaps only white listed and sand-boxed macros should be allowed?
We could also prepare plans for the case where some as yet unknown
weaknesses israpidly exploited by some virus. On such plan would be to
rapidly deploying ClamAV once the signature is added to the ClamAV
database (i.e. prepare ClamAV so it just needs to be added to
ubuntu-desktop for it to provide effective protection against known
viruses). Another piece of software that we could prepare to deal with
as yet unknown threats is Plash:
http://plash.beasts.org/
which could be used to confine likely vectors of infection like
web-browsers and mail clients as well as software found to be
insecure.
> Nils Kassube spake thusly on 06/11/2007 11:36 AM:
> If you have a brain, then yes that's correct.
>
> However, not everyone fits in that category. :)
It is easier to fix bugs in legacy code than bugs in legacy users.
Hence I'd suggest changing the design such that this becomes a bug we
can fix :)
--
John C. McCabe-Dansted
PhD Student
University of Western Australia
More information about the sounder
mailing list