Bad Bunny 

Jun 06, 2007 03:00 AM

…was the case that they gave me. Specifically, SB.Badbunny, a fairly novel OpenOffice macro virus that attempts to spread via IRC. The novelty comes partly from the attention-grabbing trendiness of working on OpenOffice and many Unix-based operating systems (Linux and Macintosh included), but also with its use of a variety of scripting languages to improve portability. Badbunny doesn't just use the OpenOffice macro language, but has components written in Ruby, JavaScript, Python and Perl.

What makes this virus worth mentioning is that it illustrates how easily scripting platforms, extensibility, plug-ins, ActiveX, etc., can be abused. All too often, this is forgotten in the pursuit to match features with another vendor. Fortunately, in this case the ease-of-use of these scripting languages attracted an amateur developer who wrote multiple critical bugs in the code, causing Badbunny to barely replicate.

Given that Web servers are an area where operating systems are still very much mix-and-match, and where the open-source Web server, Apache, rules, the ability for malware to survive in a cross-platform, cross-application environment has particular relevance as more and more malware is pushed out via Web sites. How long until someone uses something like this to drop a JavaScript infector on a Web server, regardless of platform?

Already, we've seen even more sophisticated attacks, with 3rd-party advertisers, redirecting iframes, JavaScript and ANI/ActiveX vulnerabilities. Malware authors have even turned this into a c2c (criminal-to-criminal) business of sorts.

They just didn't advertise it with a man in a bunny suit; they were trying to make money.
