Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to  
Macro virus aims at OpenOffice, StarOffice
Published: 2006-05-30

An unknown virus writer has created the first macro virus that targets computers running the alternative word processors OpenOffice and StarOffice, antivirus firm Kaspersky Labs said on Tuesday.

The virus, which Kaspersky called StarOffice.Stardust.A on its Viruslist blog, is written in StarBasic, a variant of the BASIC programming language designed for scripting common functions in the StarOffice and OpenOffice word processors. While the virus attempts to spread to computers through OpenOffice and StarOffice, Kaspersky called the functionality theoretical.

"Stardust is a pure proof-of-concept--it doesn't contain any malware payload except loading a picture via link on an attacked computer," Alexey Zernov, a spokesman for Kaspersky, said in an e-mail interview with SecurityFocus.

Viruses that attack word processing applications have returned to center stage after the disappearance of macro viruses in 2000. This month, several companies have reported attacks using a flaw in Microsoft Word to compromise Windows systems and install software capable of giving remote access to the system. Sun Microsystems, the developer of StarOffice, has boasted in the past about the security of its software developed in collaboration with open-source projects.

Security experts have not stopped debating the security merits of open-source software versus those of proprietary software. Open-source advocates argue that public code means bugs are found quicker, while proprietary advocates argue that expert quality control can create more secure code without tipping off potential attackers to the weaknesses in the program.

Stardust.A's image loading functionality should work on any platform--Windows, Mac or Linux--on which OpenOffice and StarOffice run.

UPDATE: A comment from Kaspersky was added to the news brief at approximately 8 a.m. PST.

Posted by: Robert Lemos
    Digg this story   Add to  
Comments Mode:


Privacy Statement
Copyright 2009, SecurityFocus