BAdBunny (was Re: Antivirus for Ubuntu )

Peter Garrett peter.garrett at
Fri May 25 05:22:25 UTC 2007

On Thu, 24 May 2007 20:00:42 -0700
NoOp <glgxg at> wrote:

> See:
> [click on 'Advanced']
> <quote>
>  - On Linux, it drops a file named that is a Perl file
> infector also detected as SB/BadBunny-A.
> </quote>

Well ... interesting commentary at

Also ( quote) from

It is possible in any capable macro language, including those in, to write simple 'virus-like' programs. Currently, follows industry best practice to mitigate the risk. If the
software detects macros in a document being opened, by default it displays
a warning and will only run the macro if the user specifically agrees. In
any macro-capable tool, it is essential to verify the origin and
authenticity of the document before executing macros. To this end, has also included advanced digital signature capabilities. 


Not suggesting we should be complacent, but it seems from the above that
infection would be an egregious case of PEBKAC here.

Also entertaining is this 

The worm, which has not been reported at any customer sites, downloads and
displays a pornographic picture of a scantily clad woman with a man
dressed as a rabbit.


Which goes on to say "The group responsible for writing the BadBunny
malware don't seem to have much confidence in it spreading as they have
sent it directly to our labs. The hackers have written plenty of StarBasic
malware in the past, but the most 'in the wild' this one is likely to get
is by displaying a picture of a furvert in the woods," said Graham Cluley,
senior technology consultant for Sophos."

Of course, clicking on Windows virus attachments is classic PEBKAC as
well, so it's worth being aware of this kind of stuff.

You're right that this kind of thing will become more common if Linux
starts to take up more on the desktop, though.


More information about the ubuntu-users mailing list