SonicWALL has announced that its Unified Threat Management (UTM) technology has distributed defensive measures to its customers against the newly-discovered BadBunny-A worm, which targets OpenOffice Software running on several different operating systems. SonicWALL first issued signatures designed to protect subscribers to its dynamic threat prevention services against exploits of this worm on Tuesday, May 22.
The BadBunny-A macro worm targets the Open Source office package OpenOffice, running on Windows, Mac and Linux operating systems. The malware uses StarBasic scripting language that also drops scripts into other languages, to download and display an indecent JPEG image of a man wearing a bunny suit. Computers become infected when users open an OpenOffice Draw file titled badbunny.odg.
Depending on the target's operating system, a macro included in the file performs different functions. Within a Windows operating system, the worm drops a file called drop.bad which is moved to the system.ini in the mIRC folder. Within windows the macro will also drop and execute badbunny.js, a java script virus that replicates to other files in the folder. In Mac OS, the worm drops one of two Ruby script viruses in either files badbunny.rb or badbunnya.rb. The worm drops a badbunny.py as an XChat script and a badbunny.pl, a tiny Perl virus infecting other Perl files within Linux operating systems. The dropped XChat and mIRC scripts are used to replicate and distribute the virus and initiates DCC transfers to others of the original badbunny.odg OpenOffice file.
It seems that intention behind the BadBunny worm is to show that multiple platforms can be infected by exploiting macro features in OpenOffice, and does not appear to be financially motivated.
Users of SonicWALL's dynamic threat prevention services are currently protected by these main signatures:
BadBunny.A (Worm)
BadBunny.A#enc (Worm)
SonicWALL has developed unique technologies to deliver gateway anti-virus, anti-spyware and intrusion prevention signatures to its subscribers on a continual basis, allowing them to defend against worms like BadBunny-A as well as attacks and exploits such as phishing, viruses, DHA or DoS attacks and more.
|
