New Mac-compatible malware (OpenOffice)

[cube]

http://www.theregister.co.uk/2007/05/22/badbunny/

 

[72930]

BadBunny, is a proof-of-concept worm that's not been seen outside the lab

Ooh...I'm so scared...

 

[cube]

Yes, but you can write it.

 

[someguy]

Mac OS systems are infected with a Ruby script virus.

Which does what exactly?

 

[zephead]

Hmm, and would that affect NeoOffice as well?

 

[gauchogolfer]

Meanwhile, a macro included in this payload performs different functions depending on whether victims are running Windows, MacOS, or Linux. On Windows, for example, a JavaScript virus is executed and a mIRC script is run. Linux boxes are infected with a tiny Perl script and an XChat script. Mac OS systems are infected with a Ruby script virus.

The dropped XChat and mIRC scripts are used to replicate in an attempt to distribute the virus. Sections of the code also attempt to knock out access to anti-virus websites

Notice that they fail to mention the Ruby script doing anything in MacOSX.

So basically, if you download a picture from the internet, you're going to see a picture.

 

[longofest]

Notice that they fail to mention the Ruby script doing anything in MacOSX.

So basically, if you download a picture from the internet, you're going to see a picture.

I wouldn't say that so assuredly. A script written in ruby could potentially delete anything it has permission to.

So, if the script is using your user permissions (my guess), it would have the permissions to wipe out your entire iTunes library, iPhoto library, documents folder, and screw up your application preferences.

 

[gauchogolfer]

I wouldn't say that so assuredly. A script written in ruby could potentially delete anything it has permission to.

So, if the script is using your user permissions (my guess), it would have the permissions to wipe out your entire iTunes library, iPhoto library, documents folder, and screw up your application preferences.

I agree with your observation, I was just trying to point out that they listed possible ramifications/implications for the other OSes and not for OS X. Can Ruby run on OS X with no other 'installations' necessary? I guess I think of Ruby as something like Python, which I don't *think* can run independently on my system. Maybe I'm wrong, and if so, please let me know.

 

[SC68Cal]

I wasn't aware that Ruby was installed on OS X. Which, in fact it is. Hmm, learn something new everyday.

The main question is that on OS X, with a standard user account, will this exploit work correctly?

Though, most are running as Admin accounts, which means you deserve whatever you get.

 

[cube]

Hmm, and would that affect NeoOffice as well?

It should normally affect all varieties of OpenOffice/StarOffice.