May 31, 2006 10:30 AM PDT

Stardust virus lands on OpenOffice

Researchers at Kaspersky Lab have spotted what they believe is the first virus for OpenOffice, the open-source rival to Microsoft's Office productivity suite.

The virus, dubbed Stardust, is capable of infecting OpenOffice and StarOffice, which is sold by Sun Microsystems, a Kaspersky Lab researcher wrote on the Russian company's Viruslist Web site on Tuesday.


"Stardust is a macro virus written for StarOffice, the first one I've seen," the researcher wrote. "Macro viruses usually infect MS Office applications."

The pest is written in Star Basic. It downloads an image file with adult content from the Internet and opens that file in a new document, according to Kaspersky's posting.

Macros are a useful part of any office suite, allowing users to automate repetitive tasks. "These tasks include potentially destructive actions, such as modifying and deleting files, which is why macros are of interest to virus writers," the OpenOffice team wrote in a response to the virus.

To mitigate the macro virus risk, OpenOffice detects if a document contains macros, displays a warning and will only run the macro if the user chooses to do so, the OpenOffice team wrote.
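
As an added illustration (not code from Kaspersky Lab or the OpenOffice project), the example below shows a comparable check that a mail gateway or analyst could run before a document reaches the suite. It assumes the OpenOffice package layout, in which a document is a ZIP archive and Star Basic libraries are stored under a `Basic/` directory (other script languages under `Scripts/`); the function names and in-memory sample files are constructed for the example.

```python
import io
import zipfile

# Assumed package layout: "Basic/" holds Star Basic libraries,
# "Scripts/" holds macros written in other script languages.
MACRO_PREFIXES = ("Basic/", "Scripts/")


def find_macro_entries(package_bytes):
    """Return the sorted names of macro-bearing members in a document package."""
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as pkg:
        return sorted(
            name for name in pkg.namelist()
            if name.startswith(MACRO_PREFIXES) and not name.endswith("/")
        )


def triage(package_bytes):
    """Classify a document as 'clean', 'has-macros' or 'not-a-package'."""
    try:
        entries = find_macro_entries(package_bytes)
    except zipfile.BadZipFile:
        # Not a ZIP container at all, so not an OpenOffice package.
        return "not-a-package", []
    return ("has-macros" if entries else "clean"), entries


def build_sample(with_macro):
    """Build a minimal in-memory package (constructed data, not a real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("mimetype", "application/vnd.oasis.opendocument.text")
        pkg.writestr("content.xml", "<office:document-content/>")
        if with_macro:
            pkg.writestr("Basic/script-lc.xml", "<library:libraries/>")
            pkg.writestr("Basic/Standard/Module1.xml", "<script:module/>")
    return buf.getvalue()


if __name__ == "__main__":
    for label, data in (("plain", build_sample(False)),
                        ("macro", build_sample(True)),
                        ("junk", b"not a zip")):
        print(label, *triage(data))
```

A hit only means the package carries macro storage and deserves a closer look; it says nothing about what the macro does.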

So far, Stardust is a proof-of-concept virus, which means that it was created to demonstrate that an OpenOffice virus is possible. The virus has not been sent out in the wild and is not actually attacking people's systems.

The story is different for Microsoft Office applications: A yet-to-be-patched security hole in Word has been exploited in at least one recent cyberattack.

A new "macro virus" is like a blast from the past. Viruses have evolved significantly. Boot sector pests were around between 1986 and 1995, followed by macro viruses that exploited early Microsoft Windows operating systems, according to security company F-Secure. The advent of e-mail subsequently propelled e-mail viruses such as the "I Love You" and the Anna Kournikova virus.


11 comments

That's nice.
You can write a macro that will download a
picture and include it in a document. It would
be a virus if it: couldn't be readily stopped,
affected other documents, setup a spamming
service, or affected the system (files/security)
somehow. However, the proof-of-concept doesn't
seem to do that.
Posted by Zymurgist (397 comments )
*Nelson laugh*
Ha Haaaa!
Posted by Kent Pribbernow (14 comments )
Here is the first real test
Well here is Open Office's first test against Microsoft. Let's see how fast they respond to this new information and plug the security hole. I know in most open source projects it doesn't take long for the fix to come out.
Posted by gnotellaluvr (16 comments )
Not necessarily true...
Well...macros are on, however, the default security level of executing macros requires user interaction to verify the trustworthiness of the macro itself. That's the medium setting in OOo 2.x.

I think the security is already in place, no?
Posted by `WarpKat (275 comments )
OO already prompts you...
By default, anyway, before running the Macro.
They still haven't demonstrated it modifying
another document, propagating itself,
downloading additional code from the net, or
doing any of the other things one associates
with a virus.

They were able to write a script that created a
new document with an image in (specified by
external URL). While it might make for some
silly pranks, they have yet to get it to do
something dangerous.

I suppose one could patch it from "prompt user
before running macros" to "never run macros", or
"don't accept hostnames in URLs for images other
than localhost and 127.0.0.*" , but for lack of
something malign I would think that's not
likely.
Posted by Zymurgist (397 comments )
I wonder who wrote it and why
Bill Gates...I'm looking in your direction.
Posted by Tobyhamilton (4 comments )
you're an idiot
openoffice is no more popular so now it is a target.

Why does apple not get viruses? Because it is 5% of the total market share.

Why would virus writers waste their time on a 5% market share

Personally I hope apple and openoffice get slammed a little, it's about time.

I wonder who wrote and why?

why? people like you I am so sick of, you are like why would someone target open source software oh boo boo....

I think it's great, let's see how opensource reacts to security threats now, I am thinking not so well
Posted by mcepat (118 comments )
The first ever non-Microsoft macro virus?
Wow, does this now invalidate the statement "There is no such thing as a macro virus, only a Microsoft Office macro virus"? This really is news...

Number of Microsoft macro viruses: Too many to count. Thousands?

Number of macro viruses in every other known product to the entire world: 1

Hmmm...I better jump right out and buy M$ Office, and then subscribe to the MS protection scam to secure the unsecure products they sold me.
Posted by aabcdefghij987654321 (1721 comments )
The first virus for OpenOffice
Pingback from http://jasonkolb.typepad.com/weblog/2006/06/the_first_virus.html
Posted by jasonkolb (1 comment )
FYI, this story was reported more than 24 hours before this at hackdot.or
Just FYI, a small infosec blog called 'hackdot' was running this story before CNET NEWS!!! wow. I did enjoy the summary provided by CNET however, they do a good job here. For reference: hackdot.org (http://www.hackdot.org)
Posted by cyrushill (1 comment )
 
