[equinux] [Fwd: Avert Labs Low-Profiled Threat Notice: StarOffice/BadBunny]

Guillermo Salas M gsalas en mantareys.com
Mie Mayo 23 15:20:03 EDT 2007 

On Wed, 2007-05-23 at 12:22 -0500, Burkhard Vogel wrote:
> Se ha encontrado un viros que infecta Star/Open-Office
> Burkhard
> 

El equipo de OpenOffice.org se ha pronunciado al respecto:

                              From: 
John McCreesh <jpmcc en openoffice.org>
                          Reply-To: 
announce en openoffice.org
                                To: 
announce en openoffice.org
                           Subject: 
[ooo-announce] Press reports
regarding "SB/BadBunny-A" virus
                              Date: 
Wed, 23 May 2007 18:11:46 +0100
(BST)  (12:11 ECT)


There has been press comment recently about the "SB/BadBunny-A" virus
affecting OpenOffice.org reported by an anti-virus company.[1]

Industry best practice would have been for the anti-virus company to
report the virus to the OpenOffice.org security team before making this
information public. Unfortunately this did not happen in this case.
OpenOffice.org will issue a detailed analysis once a copy of the virus
has
been received. However, due to the volume of interest in the media, the
Community would like to issue the following comments, based on the
information available.

Macros are a useful part of any office suite, allowing users to automate
repetitive tasks. These tasks include potentially destructive actions
such
as modifying and deleting files, which is why macros are of interest to
virus writers.

It is possible in any capable macro language, including those in
OpenOffice.org, to write simple 'virus-like' programs. Currently,
OpenOffice.org follows industry best practice to mitigate the risk. If
the
software detects macros in a document being opened, by default it
displays
a warning and will only run the macro if the user specifically agrees.
In
any macro-capable tool, it is essential to verify the origin and
authenticity of the document before executing macros. To this end,
OpenOffice.org has also included advanced digital signature
capabilities.

The OpenOffice.org engineers take the security of the software very
seriously, and will react promptly to any new issues. To do this, they
require access to the source code for the alleged virus. From
information
currently available, it is unlikely that this new virus contains any
novel
features which would require a software patch. Technically, it is not
even
a virus, as it is not "self-replicating" - with OpenOffice.org's default
settings, it cannot spread without user intervention.

However, the OpenOffice.org community repeats the consistent message
from
security experts that users should never accept files from unknown
sources. For any security issue, please visit OpenOffice.org's Security
Team page [2] and send a note to security-team en openoffice.org.

[1] http://www.sophos.com/security/analyses/sbbadbunnya.html
[2] http://www.openoffice.org/security/












> -------- Original Message --------
> Subject: 	Avert Labs Low-Profiled Threat Notice: StarOffice/BadBunny
> Date: 	Wed, 23 May 2007 05:35:47 -0600
> From: 	AVERT_Notice en Avertlabs.com
> To: 	Burkhard en andean-netservice.com
> 
> 
> 
> Notice
> This is a Low-Profiled Threat Notice for StarOffice/BadBunny
> 
> Justification
> StarOffice/BadBunny has been deemed Low-Profiled due to media attention at 
> http://www.theregister.co.uk/2007/05/22/badbunny/
>   
> 
> Read About It
> Information about StarOffice/BadBunny is located on VIL at: 
> 
> http://vil.nai.com/vil/content/v_142297.htm
> 
> Detection
> StarOffice/BadBunny was first discovered on 23rd May 2007 and detection will 
> 
> be added to the 5037 dat files (Release Date: 23rd May 2007).
> 
> Though we consider this a low threat, An EXTRA.DAT file may be downloaded 
> 
> via the McAfee AVERT Extra.dat Request Page: 
> 
> <https://www.webimmune.net/extra/getextra.aspx>
> 
> If you suspect you have StarOffice/BadBunny, please submit a sample to 
> 
> <http://www.webimmune.net>
> 
> Risk Assessment Definition
> For further information on the Risk Assessment and Avert Labs Recommended 
> 
> Actions please see: 
> 
> <http://www.mcafee.com/us/threat_center/outbreaks/virus_library/risk_assessm
> 
> ent.html>
> 
> Best Regards, 
> 
> McAfee Avert Labs - Come visit our Blog - 
> 
> http://www.avertlabs.com/research/blog/
> 
> You are currently subscribed to avertalert as: 
> 
> Burkhard en andean-netservice.com
> To unsubscribe send a blank email to leave-335078-300792V en listserv.nai.com
> 
> 
> 
> _______________________________________________
> equinux mailing list
> equinux en nuevared.org
> http://nuevared.org/mailman/listinfo/equinux_nuevared.org
-- 

Guillermo Salas M.
Celular  : +593 9 985 5138
USA      : 1 360 515 4284
e-mail   : gsalas en mantareys.com
www      : http://www.mantareys.com
Support  : http://soporte.mantareys.com

Linux User: 255902

Beat me, whip me, make me use Windows!

Please avoid sending me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html

Please avoid the Top Posting, see
http://es.wikipedia.org/wiki/Top-posting

Más información sobre la lista de distribución equinux