Malware targets OpenOffice users

Discussion in 'NZ Computing' started by Jonathan Walker, May 23, 2007.

  1. Jonathan Walker, May 23, 2007
    #1
    1. Advertising

  2. In article <>, lid says...
    > http://www.sophos.com/security/analyses/sbbadbunnya.html
    >
    > http://www.theregister.co.uk/2007/05/22/badbunny/
    >
    > "" This is old-school malware - seemingly written to show off a proof of
    > concept rather than a serious attempt to spy on and steal from computer
    > users. A financially motivated hacker would have targeted more widely used
    > software and not incorporated such a bizarre image. ""
    >


    I wonder if the John Leyden that is named in theregister is the same as the Joe
    Leyden that was known/active around BBS circles in nz in the 80ies.

    -P.

    --
    =========================================
    firstname dot lastname at gmail fullstop com
     
    Peter Huebner, May 23, 2007
    #2
    1. Advertising

  3. Lawrence D'Oliveiro, May 23, 2007
    #3
  4. Jonathan Walker

    Gordon Guest

    On Wed, 23 May 2007 17:27:00 +1200, Lawrence D'Oliveiro wrote:

    > In message <>, Jonathan Walker wrote:
    >
    >> http://www.sophos.com/security/analyses/sbbadbunnya.html
    >>
    >> http://www.theregister.co.uk/2007/05/22/badbunny/

    >
    > Given how Java-heavy OpenOffice is, I think this gives the lie to the
    > claim that using a managed language like Java really makes any
    > difference to security. Also others have reported that OpenOffice is
    > actually more resource-hungry than M*#$%s&ft Office is.


    Open Office can be run java free. Somethings are missing if it is.
     
    Gordon, May 23, 2007
    #4
  5. On Wed, 23 May 2007 05:45:10 +0000, Gordon wrote:

    >> Given how Java-heavy OpenOffice is, I think this gives the lie to the
    >> claim that using a managed language like Java really makes any
    >> difference to security. Also others have reported that OpenOffice is
    >> actually more resource-hungry than M*#$%s&ft Office is.

    >
    > Open Office can be run java free. Somethings are missing if it is.


    And on the Linux platform, the script that is dropped is a PERL script.

    On MacOS X the script is a Ruby script, and on Windows the script is a
    Java script.


    --
    Jonathan Walker

    "You'll have to excuse me — I have a long
    bath and a short dress to get into."
     
    Jonathan Walker, May 23, 2007
    #5
  6. In message <>, Jonathan Walker wrote:

    > On Wed, 23 May 2007 05:45:10 +0000, Gordon wrote:
    >
    >>> Given how Java-heavy OpenOffice is, I think this gives the lie to the
    >>> claim that using a managed language like Java really makes any
    >>> difference to security. Also others have reported that OpenOffice is
    >>> actually more resource-hungry than M*#$%s&ft Office is.

    >>
    >> Open Office can be run java free. Somethings are missing if it is.

    >
    > And on the Linux platform, the script that is dropped is a PERL script.
    >
    > On MacOS X the script is a Ruby script, and on Windows the script is a
    > Java script.


    Are these scripts still dropped if the Java parts are disabled?
     
    Lawrence D'Oliveiro, May 24, 2007
    #6
  7. On Thu, 24 May 2007 12:27:48 +1200, Lawrence D'Oliveiro wrote:

    >> On MacOS X the script is a Ruby script, and on Windows the script is a
    >> Java script.

    >
    > Are these scripts still dropped if the Java parts are disabled?


    If you had actually read the article, your would have learned that the
    actual script in the OpenOffice document is a StarBasic macro script.

    So, either you should have Macro scripting turned off is OOo, or you
    should have no Java installed - or both.


    --
    Jonathan Walker

    "You'll have to excuse me — I have a long
    bath and a short dress to get into."
     
    Jonathan Walker, May 24, 2007
    #7
  8. In message <>, Jonathan Walker wrote:

    > On Thu, 24 May 2007 12:27:48 +1200, Lawrence D'Oliveiro wrote:
    >
    >>> On MacOS X the script is a Ruby script, and on Windows the script is a
    >>> Java script.

    >>
    >> Are these scripts still dropped if the Java parts are disabled?

    >
    > If you had actually read the article, your would have learned that the
    > actual script in the OpenOffice document is a StarBasic macro script.


    Which doesn't answer the question.
     
    Lawrence D'Oliveiro, May 24, 2007
    #8
  9. Jonathan Walker

    peterwn Guest

    Lawrence D'Oliveiro wrote:
    > In message <>, Jonathan Walker wrote:
    >
    >> http://www.sophos.com/security/analyses/sbbadbunnya.html
    >>
    >> http://www.theregister.co.uk/2007/05/22/badbunny/

    >
    > Given how Java-heavy OpenOffice is, I think this gives the lie to the claim
    > that using a managed language like Java really makes any difference to
    > security. Also others have reported that OpenOffice is actually more
    > resource-hungry than M*#$%s&ft Office is.


    It may be so. OpenOffice is a 'true' application so it has to abide by
    proper application protocols with respect to the operating system. This
    is the way it ought to be security-wise. MS Office tends to be a
    Siamese twin 'offshoot' of Windows, so has performance advantages of
    being sort of part of the operating system but at the risk of security
    and stability. Moreover it may not be as highly optimised as MS Office.

    However in the days of cheap hardware, any alleged performance
    deficiencies of Open Office are of little moment - security and
    stability should take priority over performance.

    In any case to suffer the virus, one would need to both open an infected
    file and specifically allow macros to run for that file. Moreover it is
    extremely unlikely that the virus can penetrate beyond user space, so
    cleaning up is relatively simple.
     
    peterwn, May 25, 2007
    #9
  10. Jonathan Walker

    impossible Guest

    "peterwn" <> wrote in message
    news:4656a0ba$...
    > Lawrence D'Oliveiro wrote:
    >> In message <>, Jonathan Walker wrote:
    >>
    >>> http://www.sophos.com/security/analyses/sbbadbunnya.html
    >>>
    >>> http://www.theregister.co.uk/2007/05/22/badbunny/

    >>
    >> Given how Java-heavy OpenOffice is, I think this gives the lie to
    >> the claim
    >> that using a managed language like Java really makes any difference
    >> to
    >> security. Also others have reported that OpenOffice is actually
    >> more
    >> resource-hungry than M*#$%s&ft Office is.

    >
    > It may be so. OpenOffice is a 'true' application so it has to abide
    > by proper application protocols with respect to the operating
    > system. This is the way it ought to be security-wise.


    And yet security remains a problem for this true pig of an
    application.

    > MS Office tends to be a Siamese twin 'offshoot' of Windows, so has
    > performance advantages of being sort of part of the operating system
    > but at the risk of security and stability.


    MS Office is not "part of the operating system" but is instead
    optimized performance-wise to work **with** the operating system
    (Windows, and to a lesser extent OS/X). WorkPerfect Office does much
    the same. Why can't OO developers match that level of performance?

    > Moreover it may not be as highly optimised as MS Office.
    >
    > However in the days of cheap hardware, any alleged performance
    > deficiencies of Open Office are of little moment - security and
    > stability should take priority over performance.
    >


    Only if the security and stability features of OO were demonstrably
    better could you make this argument stick. But then, oops -- "Malware
    targets Open Office users" -- so your sales pitch is what exactly?

    > In any case to suffer the virus, one would need to both open an
    > infected file and specifically allow macros to run for that file.


    Same as in MS Office.

    > Moreover it is extremely unlikely that the virus can penetrate
    > beyond user space, so cleaning up is relatively simple.


    Well, heck, why worry at all then?
     
    impossible, May 25, 2007
    #10
  11. On Fri, 25 May 2007 10:31:56 -0400, impossible wrote:

    >> It may be so. OpenOffice is a 'true' application so it has to abide by
    >> proper application protocols with respect to the operating system. This
    >> is the way it ought to be security-wise.

    >
    > And yet security remains a problem for this true pig of an application.


    How? And in what way is it a "true pig of an application"?


    --
    Jonathan Walker

    "You'll have to excuse me — I have a long
    bath and a short dress to get into."
     
    Jonathan Walker, May 25, 2007
    #11
  12. On Fri, 25 May 2007 10:31:56 -0400, impossible wrote:

    >> MS Office tends to be a Siamese twin 'offshoot' of Windows, so has
    >> performance advantages of being sort of part of the operating system but
    >> at the risk of security and stability.

    >
    > MS Office is not "part of the operating system" but is instead optimized
    > performance-wise to work **with** the operating system (Windows, and to a
    > lesser extent OS/X). WorkPerfect Office does much the same. Why can't OO
    > developers match that level of performance?


    Perhaps that's something to do with the fact that it uses M$IE to do page
    layout.

    Perhaps it's something to do with undocumented APIs.


    --
    Jonathan Walker

    "You'll have to excuse me — I have a long
    bath and a short dress to get into."
     
    Jonathan Walker, May 25, 2007
    #12
  13. Jonathan Walker

    impossible Guest

    "Jonathan Walker" <> wrote in message
    news:...
    > On Fri, 25 May 2007 10:31:56 -0400, impossible wrote:
    >
    >>> MS Office tends to be a Siamese twin 'offshoot' of Windows, so has
    >>> performance advantages of being sort of part of the operating
    >>> system but
    >>> at the risk of security and stability.

    >>
    >> MS Office is not "part of the operating system" but is instead
    >> optimized
    >> performance-wise to work **with** the operating system (Windows,
    >> and to a
    >> lesser extent OS/X). WorkPerfect Office does much the same. Why
    >> can't OO
    >> developers match that level of performance?

    >
    > Perhaps that's something to do with the fact that it uses M$IE to do
    > page
    > layout.
    >
    > Perhaps it's something to do with undocumented APIs.
    >
    >


    And perhaps its just badly designed. There are plenty of powerful,
    high-performing Windows applications. OO just doesn't happen to one of
    them.
     
    impossible, May 25, 2007
    #13
  14. Jonathan Walker

    impossible Guest

    "Jonathan Walker" <> wrote in message
    news:465732a7$...

    "impossible" <> wrote in message
    news:...
    >> "peterwn" <> wrote in message
    >> news:4656a0ba$...
    >>> Lawrence D'Oliveiro wrote:
    >>>> In message <>, Jonathan Walker wrote:
    >>>>
    >>>>> http://www.sophos.com/security/analyses/sbbadbunnya.html
    >>>>>
    >>>>> http://www.theregister.co.uk/2007/05/22/badbunny/
    >>>>
    >>>> Given how Java-heavy OpenOffice is, I think this gives the lie to
    >>>> the claim
    >>>> that using a managed language like Java really makes any
    >>>> difference
    >>>> to
    >>>> security. Also others have reported that OpenOffice is actually
    >>>> more
    >>>> resource-hungry than M*#$%s&ft Office is.
    >>>
    >>> It may be so. OpenOffice is a 'true' application so it has to
    >>> abide
    >>> by proper application protocols with respect to the operating
    >>> system. This is the way it ought to be security-wise.

    >>
    >> And yet security remains a problem for this true pig of an
    >> application.


    > How?


    Lost agin, are we? This the is "Malware targets OpenOffice forum.

    > And in what way is it a "true pig of an application"?


    See above. When you learn to quote properly, it'll be much easier for
    you to find the answers you're looking for.
     
    impossible, May 25, 2007
    #14
  15. Jonathan Walker

    Enkidu Guest

    impossible wrote:
    > "peterwn" <> wrote in message
    > news:4656a0ba$...
    >> Lawrence D'Oliveiro wrote:
    >>> In message <>, Jonathan Walker wrote:
    >>>
    >>>> http://www.sophos.com/security/analyses/sbbadbunnya.html
    >>>>
    >>>> http://www.theregister.co.uk/2007/05/22/badbunny/
    >>> Given how Java-heavy OpenOffice is, I think this gives the lie to
    >>> the claim that using a managed language like Java really makes
    >>> any difference to security. Also others have reported that
    >>> OpenOffice is actually more resource-hungry than M*#$%s&ft Office
    >>> is.

    >> It may be so. OpenOffice is a 'true' application so it has to
    >> abide by proper application protocols with respect to the operating
    >> system. This is the way it ought to be security-wise.

    >
    > And yet security remains a problem for this true pig of an
    > application.
    >

    In what way is it a pig? OO Word Processor starts up in 7 seconds on my
    machine. MS Word takes 35 seconds. OO is overall more responsive than MS
    Word.
    >
    >> MS Office tends to be a Siamese twin 'offshoot' of Windows, so has
    >> performance advantages of being sort of part of the operating
    >> system but at the risk of security and stability.

    >
    > MS Office is not "part of the operating system" but is instead
    > optimized performance-wise to work **with** the operating system
    > (Windows, and to a lesser extent OS/X). WorkPerfect Office does much
    > the same. Why can't OO developers match that level of performance?
    >

    They not only match it, they exceed it.
    >
    >> Moreover it may not be as highly optimised as MS Office.
    >>
    >> However in the days of cheap hardware, any alleged performance
    >> deficiencies of Open Office are of little moment - security and
    >> stability should take priority over performance.
    >>

    >
    > Only if the security and stability features of OO were demonstrably
    > better could you make this argument stick. But then, oops -- "Malware
    > targets Open Office users" -- so your sales pitch is what exactly?
    >

    That 'malware' was 'proof of concept'. Malware that targets MS
    applications is 'in the wild'.
    >
    >> In any case to suffer the virus, one would need to both open an
    >> infected file and specifically allow macros to run for that file.

    >
    > Same as in MS Office.
    >
    >> Moreover it is extremely unlikely that the virus can penetrate
    >> beyond user space, so cleaning up is relatively simple.

    >
    > Well, heck, why worry at all then?
    >

    Clean up of Word viruses can be extremely messy.

    Cheers,

    Cliff

    --

    Have you ever noticed that if something is advertised as 'amusing' or
    'hilarious', it usually isn't?
     
    Enkidu, May 26, 2007
    #15
  16. On Fri, 25 May 2007 15:34:49 -0400, impossible wrote:

    > OO just doesn't happen to one of them.


    OOo isn't a "windows application" - it is a cross platform office suite.


    --
    Jonathan Walker

    "You'll have to excuse me — I have a long
    bath and a short dress to get into."
     
    Jonathan Walker, May 26, 2007
    #16
  17. Jonathan Walker

    impossible Guest

    "Jonathan Walker" <> wrote in message
    news:...
    > On Fri, 25 May 2007 15:34:49 -0400, impossible wrote:


    >>>>Why can't OO developers match that level of performance?


    >>
    >> > Perhaps that's something to do with the fact that it uses M$IE to
    >> > do
    >>> page llayout.
    >>>
    >> > Perhaps it's something to do with undocumented APIs.

    >>
    >> And perhaps its just badly designed. There are plenty of powerful,
    >> high-performing Windows applications. OO just doesn't happen to one
    >> of them
    >>


    > OOo isn't a "windows application" - it is a cross platform office
    > suite.
    >
    >


    [yawn]
     
    impossible, May 26, 2007
    #17
  18. In article <46577a6b$>, says...
    > Clean up of Word viruses can be extremely messy.
    >
    > Cheers,
    >
    > Cliff


    Ain't that the truth. (Not that I use it myself, mind - word perfect for me
    thanks). I've scrubbed a few machines for people.

    -P.

    --
    =========================================
    firstname dot lastname at gmail fullstop com
     
    Peter Huebner, May 26, 2007
    #18
  19. Jonathan Walker

    impossible Guest

    "Enkidu" <> wrote in message
    news:46577a6b$...
    > impossible wrote:
    >> "peterwn" <> wrote in message
    >> news:4656a0ba$...
    >>> Lawrence D'Oliveiro wrote:
    >>>> In message <>, Jonathan Walker wrote:
    >>>>
    >>>>> http://www.sophos.com/security/analyses/sbbadbunnya.html
    >>>>>
    >>>>> http://www.theregister.co.uk/2007/05/22/badbunny/
    >>>> Given how Java-heavy OpenOffice is, I think this gives the lie to
    >>>> the claim that using a managed language like Java really makes
    >>>> any difference to security. Also others have reported that
    >>>> OpenOffice is actually more resource-hungry than M*#$%s&ft Office
    >>>> is.
    >>> It may be so. OpenOffice is a 'true' application so it has to
    >>> abide by proper application protocols with respect to the
    >>> operating
    >>> system. This is the way it ought to be security-wise.

    >>
    >> And yet security remains a problem for this true pig of an
    >> application.
    >>

    > In what way is it a pig? OO Word Processor starts up in 7 seconds on
    > my
    > machine. MS Word takes 35 seconds. OO is overall more responsive
    > than MS
    > Word.


    If you can find a benchmark study that supports this anecdote, I'd be
    pleased to look at it. But my own experience opening, manipulating,
    and saving real-world files in OO tends to confirm what every study
    I've looked at so far has concluded: OO is a pig at doing actual work.
    Hardly noticeable, I suppose if all you're doing is writing letters
    and performing simple calculations, but in the world of business,
    government, and research, this is definitely a big deal. On my own
    machine, both OO Writer and MS Word open in less than 3 seconds --
    it's what I can and cannot do afterward with these programs that
    matters to me. And of course comparisons between OO Calc and MS Excel
    are much the worse.
     
    impossible, May 26, 2007
    #19
  20. On Sat, 26 May 2007 11:13:02 -0400, impossible wrote:

    >> In what way is it a pig? OO Word Processor starts up in 7 seconds on my
    >> machine. MS Word takes 35 seconds. OO is overall more responsive than MS
    >> Word.

    >
    > If you can find a benchmark study that supports this anecdote, I'd be
    > pleased to look at it. But my own experience opening, manipulating, and
    > saving real-world files in OO tends to confirm what every study I've
    > looked at so far has concluded: OO is a pig at doing actual work. Hardly
    > noticeable, I suppose if all you're doing is writing letters and
    > performing simple calculations, but in the world of business, government,
    > and research, this is definitely a big deal. On my own machine, both OO
    > Writer and MS Word open in less than 3 seconds -- it's what I can and
    > cannot do afterward with these programs that matters to me. And of course
    > comparisons between OO Calc and MS Excel are much the worse.


    None of the above explains why you describe OOo as "a pig".

    Please would you elaborate further. What specific tasks were *you* trying
    to do in OOo that *you* could not reasonably easily do?

    And how long have you been using OOo on a regular every-day basis?


    --
    Jonathan Walker

    "You'll have to excuse me — I have a long
    bath and a short dress to get into."
     
    Jonathan Walker, May 27, 2007
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Au79

    Trojan targets Word users in the West

    Au79, May 26, 2006, in forum: Computer Support
    Replies:
    0
    Views:
    367
  2. Au79
    Replies:
    24
    Views:
    682
    Jimchip
    Jul 27, 2006
  3. Au79
    Replies:
    19
    Views:
    703
    William Poaster
    Apr 4, 2007
  4. John C
    Replies:
    2
    Views:
    504
    John C
    Sep 8, 2007
  5. Craig Shore

    Latest Westpac scam targets NZ users

    Craig Shore, Jul 6, 2004, in forum: NZ Computing
    Replies:
    11
    Views:
    825
    theseus
    Jul 6, 2004
Loading...

Share This Page