BAdBunny (was Re: Antivirus for Ubuntu )

Peter Garrett peter.garrett at optusnet.com.au
Fri May 25 05:22:25 UTC 2007 

On Thu, 24 May 2007 20:00:42 -0700
NoOp <glgxg at mfire.com> wrote:

> See:
> 
> http://secunia.com/search/?search=openoffice
>  http://secunia.com/virus_information/38489/
>   http://www.sophos.com/security/analyses/sbbadbunnya.html
> [click on 'Advanced']
> <quote>
>  - On Linux, it drops a file named badbunny.pl that is a Perl file
> infector also detected as SB/BadBunny-A.
> </quote>

Well ... interesting commentary at

http://blogs.sun.com/malte/entry/sb_badbunny_a_harmless_little

Also ( quote) from

http://www.nabble.com/Press-reports-regarding-%22SB-BadBunny-A%22-virus-t3805420.html

<quote>
It is possible in any capable macro language, including those in
OpenOffice.org, to write simple 'virus-like' programs. Currently,
OpenOffice.org follows industry best practice to mitigate the risk. If the
software detects macros in a document being opened, by default it displays
a warning and will only run the macro if the user specifically agrees. In
any macro-capable tool, it is essential to verify the origin and
authenticity of the document before executing macros. To this end,
OpenOffice.org has also included advanced digital signature capabilities. 

</quote>

Not suggesting we should be complacent, but it seems from the above that
infection would be an egregious case of PEBKAC here.

Also entertaining is this 

<quote>
The worm, which has not been reported at any customer sites, downloads and
displays a pornographic picture of a scantily clad woman with a man
dressed as a rabbit.
</quote>

>From 
http://www.sophos.com/pressoffice/news/articles/2007/05/badbunny.html

Which goes on to say "The group responsible for writing the BadBunny
malware don't seem to have much confidence in it spreading as they have
sent it directly to our labs. The hackers have written plenty of StarBasic
malware in the past, but the most 'in the wild' this one is likely to get
is by displaying a picture of a furvert in the woods," said Graham Cluley,
senior technology consultant for Sophos."

Of course, clicking on Windows virus attachments is classic PEBKAC as
well, so it's worth being aware of this kind of stuff.

You're right that this kind of thing will become more common if Linux
starts to take up more on the desktop, though.

Peter

More information about the ubuntu-users mailing list