First OpenOffice Virus, Not In the Wild 169
NZheretic writes "According to APCmag, the first cross-platform OpenOffice.org virus — 'SB/Badbunny-A' — was emailed directly to Sophos from the virus developers. The proof-of-concept virus affects Windows, Mac OS X, and Linux systems and uses different methods on each. It has not yet been seen in the wild. Despite Sun's OpenOffice.org developer Malte Timmermann's claims to the contrary, this kind of embedded scripting attack represents a real threat to OpenOffice.org users. Back in June 2000 when Sun first announced the open sourcing of OpenOffice.org, the twelfth email to the open discussion list put forward a two-part solution for providing OpenOffice users with Safe(r) Scripting using restricted-mode execution by default and access by signed digital certificates. In October 2000 the issue of treating security as an 'add-on' feature rather than as a 'system property' was again raised. Is it time to now introduce such measures to the OpenOffice.org Core to greatly reduce any future risk from scripted infections?"
Virus Name (Score:3, Funny)
The real problem (Score:5, Funny)
Finally feature compatible with Office (Score:5, Funny)
:BEGIN HUMOR:
Well, finally OpenOffice has become a viable Office Suite, having finally added the most notable features of Office, namely script exploit capabilities. It's about time... now there is nothing keeping people from switching to OO!!!
:END HUMOR:
Re:The backdoor from hell (Score:5, Funny)
You just conceived it? Congratulations! Do you have a name picked out?
Re:The real solution (Score:5, Funny)
Re:The backdoor from hell (Score:5, Funny)
The "backdoor from hell" already has a name: hello.jpg.
Comment removed (Score:2, Funny)
Re:The real solution (Score:2, Funny)
- has content linked in (THAT would open a whole can of trust-this-trust-that now would it!)
- has bugs in web, app or db server.
- accepts malicious content including links to content
- you don't know if you can trust everyone with or who could get admin access to that server.
More or less. But it cant be that hard now can it, because I've heard of people making these decisions in realtime, while they surf.
In the darkest nightmares of Linux geeks.... (Score:4, Funny)
(Cue screen of XRoach for no obvious reason)
(Images from DOOM, for the oblig. explosions and gratuitous violence)
(Typing on an XChat console, the first related scene so far but still stupid)
(Scene shifts to Sun Microsystems and then to the OpenOffice group - vaguely related, sort of)
(Switch to any old virus research lab, nobody can tell them apart)
(Switch to a movie certificate for Open Virus, the Movie, rated C++)
Re:The real solution (Score:5, Funny)
Hmmm...this sounds familiar.
I think you just described Slashdot.
-- a really old
Re:Ding! (Score:3, Funny)
Oooh... I wonder how that will work on Vista?
Vista: Open Office wants permission to generate a pop-up requesting approval to run a possibly malicious script... Cancel/Allow
...Allow
OO: OO needs permission to run a script... Cancel/Allow
...Allow
Vista: Open Office is trying to run a script... Cancel/Allow
...Allow
Vista: Steve Ballmer is about to throw a chair at you... Allow/Duck & Allow
Re:The real solution (Score:3, Funny)
Correction -- low 5-digits.
No not the account, I mean you
Re:The real solution (Score:3, Funny)