Macro virus for Staroffice discovered
Still at proof of concept stage.
By Jeremy Kirk, IDG News Service | Published: 08:51, 31 May 2006
Researchers have detected the first virus affecting StarOffice although, so far, it hasn't been used to infect computers.
Since the virus has not been launched with malicious intent yet, a teenager hacker may have written it, said Roel Schouwenberg, senior research engineer for Kaspersky Lab. The virus uses macros to attack the office suite from Sun Microsystems.
Kaspersky is calling the virus "Stardust." Viruses using macros are rarely seen anymore since simply shutting off a program's macro feature stops them, Schouwenberg said. Macros can be used to automate certain tasks within a document, such as a repeated calculations on a spreadsheet.
Macro viruses were most often written to disrupt Microsoft office applications, Kaspersky wrote on its virus blog.
Typically, a virus using macros infects a template, which is then read when opening other documents and infects those also, Schouwenberg said. The Stardust virus is contained in a StarOffice document that uses macros and then infects a global template.
If a user opens a document infected with Stardust, every StarOffice text document, with a ".sxw" extension, or document template, with a ".stw" extension, will be infected, Schouwenberg said.
When one of those documents is launched, it opens an adult image hosted on a tripod.com server, a website hosting service from Lycos.
So far, the bug does not pose a risk since it remains a proof-of-concept virus, a term meaning the virus was written to prove it could be done, but is not yet being used maliciously.
"Were not hyping it," Schouwenberg said. "The world is not coming to an end. It's just a POC (proof-of-concept)."
But with a little tweaking, Schouwenberg said the code, which uses an old API (application programming interface), could be modified to affect OpenOffice 2.0, an open-source suite.