Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > NZ Computing > Malware targets OpenOffice users

Reply
Thread Tools

Malware targets OpenOffice users

 
 
Jonathan Walker
Guest
Posts: n/a
 
      05-23-2007
http://www.sophos.com/security/analy...badbunnya.html

http://www.theregister.co.uk/2007/05/22/badbunny/

"" This is old-school malware - seemingly written to show off a proof of
concept rather than a serious attempt to spy on and steal from computer
users. A financially motivated hacker would have targeted more widely used
software and not incorporated such a bizarre image. ""


--
Jonathan Walker

"You'll have to excuse me — I have a long
bath and a short dress to get into."
 
Reply With Quote
 
 
 
 
Peter Huebner
Guest
Posts: n/a
 
      05-23-2007
In article <(E-Mail Removed)>, http://www.velocityreviews.com/forums/(E-Mail Removed)lid says...
> http://www.sophos.com/security/analy...badbunnya.html
>
> http://www.theregister.co.uk/2007/05/22/badbunny/
>
> "" This is old-school malware - seemingly written to show off a proof of
> concept rather than a serious attempt to spy on and steal from computer
> users. A financially motivated hacker would have targeted more widely used
> software and not incorporated such a bizarre image. ""
>


I wonder if the John Leyden that is named in theregister is the same as the Joe
Leyden that was known/active around BBS circles in nz in the 80ies.

-P.

--
=========================================
firstname dot lastname at gmail fullstop com
 
Reply With Quote
 
 
 
 
Lawrence D'Oliveiro
Guest
Posts: n/a
 
      05-23-2007
In message <(E-Mail Removed)>, Jonathan Walker wrote:

> http://www.sophos.com/security/analy...badbunnya.html
>
> http://www.theregister.co.uk/2007/05/22/badbunny/


Given how Java-heavy OpenOffice is, I think this gives the lie to the claim
that using a managed language like Java really makes any difference to
security. Also others have reported that OpenOffice is actually more
resource-hungry than M*#$%s&ft Office is.
 
Reply With Quote
 
Gordon
Guest
Posts: n/a
 
      05-23-2007
On Wed, 23 May 2007 17:27:00 +1200, Lawrence D'Oliveiro wrote:

> In message <(E-Mail Removed)>, Jonathan Walker wrote:
>
>> http://www.sophos.com/security/analy...badbunnya.html
>>
>> http://www.theregister.co.uk/2007/05/22/badbunny/

>
> Given how Java-heavy OpenOffice is, I think this gives the lie to the
> claim that using a managed language like Java really makes any
> difference to security. Also others have reported that OpenOffice is
> actually more resource-hungry than M*#$%s&ft Office is.


Open Office can be run java free. Somethings are missing if it is.
 
Reply With Quote
 
Jonathan Walker
Guest
Posts: n/a
 
      05-23-2007
On Wed, 23 May 2007 05:45:10 +0000, Gordon wrote:

>> Given how Java-heavy OpenOffice is, I think this gives the lie to the
>> claim that using a managed language like Java really makes any
>> difference to security. Also others have reported that OpenOffice is
>> actually more resource-hungry than M*#$%s&ft Office is.

>
> Open Office can be run java free. Somethings are missing if it is.


And on the Linux platform, the script that is dropped is a PERL script.

On MacOS X the script is a Ruby script, and on Windows the script is a
Java script.


--
Jonathan Walker

"You'll have to excuse me — I have a long
bath and a short dress to get into."
 
Reply With Quote
 
Lawrence D'Oliveiro
Guest
Posts: n/a
 
      05-24-2007
In message <(E-Mail Removed)>, Jonathan Walker wrote:

> On Wed, 23 May 2007 05:45:10 +0000, Gordon wrote:
>
>>> Given how Java-heavy OpenOffice is, I think this gives the lie to the
>>> claim that using a managed language like Java really makes any
>>> difference to security. Also others have reported that OpenOffice is
>>> actually more resource-hungry than M*#$%s&ft Office is.

>>
>> Open Office can be run java free. Somethings are missing if it is.

>
> And on the Linux platform, the script that is dropped is a PERL script.
>
> On MacOS X the script is a Ruby script, and on Windows the script is a
> Java script.


Are these scripts still dropped if the Java parts are disabled?
 
Reply With Quote
 
Jonathan Walker
Guest
Posts: n/a
 
      05-24-2007
On Thu, 24 May 2007 12:27:48 +1200, Lawrence D'Oliveiro wrote:

>> On MacOS X the script is a Ruby script, and on Windows the script is a
>> Java script.

>
> Are these scripts still dropped if the Java parts are disabled?


If you had actually read the article, your would have learned that the
actual script in the OpenOffice document is a StarBasic macro script.

So, either you should have Macro scripting turned off is OOo, or you
should have no Java installed - or both.


--
Jonathan Walker

"You'll have to excuse me — I have a long
bath and a short dress to get into."
 
Reply With Quote
 
Lawrence D'Oliveiro
Guest
Posts: n/a
 
      05-24-2007
In message <(E-Mail Removed)>, Jonathan Walker wrote:

> On Thu, 24 May 2007 12:27:48 +1200, Lawrence D'Oliveiro wrote:
>
>>> On MacOS X the script is a Ruby script, and on Windows the script is a
>>> Java script.

>>
>> Are these scripts still dropped if the Java parts are disabled?

>
> If you had actually read the article, your would have learned that the
> actual script in the OpenOffice document is a StarBasic macro script.


Which doesn't answer the question.

 
Reply With Quote
 
peterwn
Guest
Posts: n/a
 
      05-25-2007
Lawrence D'Oliveiro wrote:
> In message <(E-Mail Removed)>, Jonathan Walker wrote:
>
>> http://www.sophos.com/security/analy...badbunnya.html
>>
>> http://www.theregister.co.uk/2007/05/22/badbunny/

>
> Given how Java-heavy OpenOffice is, I think this gives the lie to the claim
> that using a managed language like Java really makes any difference to
> security. Also others have reported that OpenOffice is actually more
> resource-hungry than M*#$%s&ft Office is.


It may be so. OpenOffice is a 'true' application so it has to abide by
proper application protocols with respect to the operating system. This
is the way it ought to be security-wise. MS Office tends to be a
Siamese twin 'offshoot' of Windows, so has performance advantages of
being sort of part of the operating system but at the risk of security
and stability. Moreover it may not be as highly optimised as MS Office.

However in the days of cheap hardware, any alleged performance
deficiencies of Open Office are of little moment - security and
stability should take priority over performance.

In any case to suffer the virus, one would need to both open an infected
file and specifically allow macros to run for that file. Moreover it is
extremely unlikely that the virus can penetrate beyond user space, so
cleaning up is relatively simple.
 
Reply With Quote
 
impossible
Guest
Posts: n/a
 
      05-25-2007
"peterwn" <(E-Mail Removed)> wrote in message
news:4656a0ba$(E-Mail Removed)...
> Lawrence D'Oliveiro wrote:
>> In message <(E-Mail Removed)>, Jonathan Walker wrote:
>>
>>> http://www.sophos.com/security/analy...badbunnya.html
>>>
>>> http://www.theregister.co.uk/2007/05/22/badbunny/

>>
>> Given how Java-heavy OpenOffice is, I think this gives the lie to
>> the claim
>> that using a managed language like Java really makes any difference
>> to
>> security. Also others have reported that OpenOffice is actually
>> more
>> resource-hungry than M*#$%s&ft Office is.

>
> It may be so. OpenOffice is a 'true' application so it has to abide
> by proper application protocols with respect to the operating
> system. This is the way it ought to be security-wise.


And yet security remains a problem for this true pig of an
application.

> MS Office tends to be a Siamese twin 'offshoot' of Windows, so has
> performance advantages of being sort of part of the operating system
> but at the risk of security and stability.


MS Office is not "part of the operating system" but is instead
optimized performance-wise to work **with** the operating system
(Windows, and to a lesser extent OS/X). WorkPerfect Office does much
the same. Why can't OO developers match that level of performance?

> Moreover it may not be as highly optimised as MS Office.
>
> However in the days of cheap hardware, any alleged performance
> deficiencies of Open Office are of little moment - security and
> stability should take priority over performance.
>


Only if the security and stability features of OO were demonstrably
better could you make this argument stick. But then, oops -- "Malware
targets Open Office users" -- so your sales pitch is what exactly?

> In any case to suffer the virus, one would need to both open an
> infected file and specifically allow macros to run for that file.


Same as in MS Office.

> Moreover it is extremely unlikely that the virus can penetrate
> beyond user space, so cleaning up is relatively simple.


Well, heck, why worry at all then?


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
MDL - A Site For Monitoring Domains Hosting Or Directing Users To Malware John C Computer Security 2 09-08-2007 01:24 PM
Microsoft email application flaw targets Vista users Au79 Computer Support 19 04-04-2007 11:53 AM
Malware targets holes Microsoft already plugged Au79 Computer Support 24 07-27-2006 01:19 AM
Trojan targets Word users in the West Au79 Computer Support 0 05-26-2006 01:10 AM
Latest Westpac scam targets NZ users Craig Shore NZ Computing 11 07-06-2004 09:32 PM



Advertisments