Stardust virus lands on OpenOffice

Researchers at Kaspersky Lab have spotted what they believe is the first virus for OpenOffice, the open-source rival to Microsoft's Office productivity suite.

The virus, dubbed Stardust, is capable of infecting OpenOffice and StarOffice, which is sold by Sun Microsystems, a Kaspersky Lab researcher wrote on the Russian company's Viruslist Web site on Tuesday.

"Stardust is a macro virus written for StarOffice, the first one I've seen," the researcher wrote. "Macro viruses usually infect MS Office applications."

The pest is written in Star Basic. It downloads an image file with adult content from the Internet and opens that file in a new document, according to Kaspersky's posting.

Macros are a useful part of any office suite, allowing users to automate repetitive tasks. "These tasks include potentially destructive actions, such as modifying and deleting files, which is why macros are of interest to virus writers," the OpenOffice team wrote in a response to the virus.

To mitigate against the macro virus risk, OpenOffice detects if a document contains macros, displays a warning and will only run the macro if the user chooses to do so, the OpenOffice team wrote.

So far, Stardust is a proof-of-concept virus, which means that it was created to demonstrate that an OpenOffice virus is possible. The virus has not been sent out in the wild and is not actually attacking people's systems.

The story is different for Microsoft Office applications: A yet-to-be-patched security hole in Word has been exploited in at least one recent cyberattack.

A new "macro virus" is like a blast from the past. Viruses have evolved significantly. Boot sector pests were around between 1986 to 1995, followed by macro viruses that exploited early Microsoft Windows operating systems, according to security company F-Secure. The advent of e-mail subsequently propelled e-mail viruses such as the "I Love You" and the Anna Kournikova virus.

[Zymurgist]

That's nice.

You can write a macro that will download a
picture and include it in a document. It would
be a virus if it: couldn't be readily stopped,
affected other documents, setup a spamming
service, or affected the system (files/security)
somehow. However, the proof-of-concept doesn't
seem to do that.

[Kent Pribbernow]

*Nelson laugh*

Ha Haaaa!

[gnotellaluvr]

Here is the first real test

Well here is Open Office's first test against Microsoft. Let's see how fast they respond to this new information and plug the security hole. I know in most open source projects it doesn't take long for the fix to come out.

[Tobyhamilton]

I wonder who wrote it and why

Bill Gates...I'm looking in your direction.

[aabcdefghij987654321]

The first ever non-Microsoft macro virus?

Wow, does this now invalidate the statement "There is no such thing as a macro virus, only a Microsoft Office macro virus"? This really is news...

Number of Microsoft macro viruses: Too many to count. Thousands?

Number of macro viruses in every other known product to the entire world: 1

Hmmm...I better jump right out and buy M$ Office, and then subscribe to the MS protection scam to secure the unsecure products they sold me.

[jasonkolb]

The first virus for OpenOffice

Pingback from http://jasonkolb.typepad.com/weblog/2006/06/the_first_virus.html

[cyrushill]

FYI, this story was reported more than 24 hours before this at hackdot.or

Just FYI, a small infosec blog called 'hackdot' was running this story before CNET NEWS!!! wow. I did enjoy the summary provided by CNET however, they do a good job here. For reference: hackdot.org