OpenOffice worm witnessed in the wild

Sophos has announced the discovery of a new multiplatform worm that attempts to download and display an indecent JPEG image of a man wearing a bunny suit performing a sexual act in woodland.

Badbunny-A is a macro worm for open source office suite OpenOffice/StarBasic, that drops scripts in several other languages. It first infects computer users when they open an OpenOffice Draw file called badbunny.odg. A macro within the file performs different functions depending on whether the user is running Windows, MacOS or Linux – these can include executing other self-replicating JavaScript and Perl viruses.

The worm also downloads and displays an illicit image of a scantily clad woman with a man dressed as a rabbit, irrespective of the operating system being used.

“The group responsible for writing the BadBunny malware doesn’t seem to have much confidence in it spreading, as it sent the worm directly to our labs. The hackers have written plenty of StarBasic malware in the past, but the most ‘in the wild’ this one is likely to get is by displaying a picture of a furvert in the woods,” said Graham Cluley, senior technology consultant for Sophos. “This is old-school malware – seemingly written to show off and prove a proof of concept rather than a serious attempt to spy on and steal from computer users. A financially motivated hacker would have targeted more widely-used software and been more discreet in their use of imagery.”