LinuxQuestions.org
Visit Jeremy's Blog.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page How to fix/prevent OpenOffice virus-BadBunny-
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-29-2007, 02:33 PM   #1
cucolin@
Member
 
Registered: Nov 2003
Location: USA
Distribution: Ubuntu, CentOS, RedHat
Posts: 416

Rep: Reputation: 31
How to fix/prevent OpenOffice virus-BadBunny-

I was looking at this article:
http://www.linuxsecurity.com/content/view/128321

I was wondering how to prevent or fix this thing? I know there are antivirus for Linux. I was looking at the openoffice.org site with no results. How can we fix this?

thanks
 
Old 08-29-2007, 03:13 PM   #2
makuyl
Senior Member
 
Registered: Dec 2004
Location: Helsinki
Distribution: Debian Sid
Posts: 1,107

Rep: Reputation: 54
Fix what? AFAICT the scripts only run when you intentionally open the badbunny file with OO. Probably just Symantec trying (again) to sell their products to mac and *nix users.
I opened the file in a test box in OO Impress with noexec on the file system. No disaster so far. Seems to have an redirect to http://toko.baliwae.com/ in the file properties. Sure can't find the perl files it's supposed to run/download. Well, the baliwae people seem to run Ubuntu which was about the only thing I found out by opening the file.

EDIT: It never asked if I wanted to run a macro. Would've asked if there was a macro wanting to run. Ergo, there wasn't any macros in the document, and yes, I did check.
Last edited by makuyl; 08-29-2007 at 03:23 PM.
 
Old 08-29-2007, 07:04 PM   #3
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Quote:
Originally Posted by cucolin@ View Post
I was wondering how to prevent or fix this thing? I know there are antivirus for Linux. I was looking at the openoffice.org site with no results. How can we fix this?
I'm not sure how to fix it, as I'm not exactly sure what (if anything) is broken. But by downloading documents only from trusted sources, and scanning any documents before opening them, you are drastically reducing the possibilities of having rogue code like this run on your box. I did a quick search and it looks like any decent virus scanner would pick-up this BadBunny stuff in a heartbeat.
Last edited by win32sux; 08-29-2007 at 07:31 PM.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: First OpenOffice virus emerges LXer Syndicated Linux News 0 05-22-2007 09:01 AM
First OpenOffice Macro Virus Appears suse91pro General 8 06-15-2006 04:32 PM
LXer: OpenOffice.org virus debunked by experts LXer Syndicated Linux News 1 06-03-2006 07:53 AM
LXer: OpenOffice Attracts its First Virus (and the press notices) LXer Syndicated Linux News 0 06-01-2006 10:21 PM
Is there a virus scanner out there that lets me check & fix windows2k from my fedora? FedoraFatCat Linux - Security 4 12-30-2004 05:38 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:23 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration