Slashdot Mirror


First StarOffice Virus Sighted

Sam Haine '95 writes "News.com is reporting on the creation of Stardust, a virus which uses macros to attack StarOffice, Sun's office suite. The malware was written as a proof-of-concept code to show what might be possible rather than as a serious attempt to create a new attack vector." From the article: "The pest is written in Star Basic. It downloads an image file with adult content from the Internet and opens that file in a new document, according to Kaspersky's posting."

6 of 166 comments

  1. Re:Why go through the trouble? by BasilBrush · · Score: 2, Informative

    No, that would be the malware part. To be a virus, it needs a method of propagating itself to other systems and files. This may have that, but it's not explicitly stated in TFA or its links.

  2. Losing data is always the real problem. by khasim · · Score: 3, Informative

    If you're in a company and a "virus" takes out one of the system files on one of your servers ... but the data is safe, you have less of a problem than if a "virus" leaves the server intact, but deletes all of your data.

    It's always about the security of the data.

    Which is why part of the OS's job is to restrict the ability of regular users as much as possible.

    When all that is in danger is your personal home directory, that's really as good as the OS can be.

    If we're talking single user/home machines ... the risk is greater that your hard drive will fail before you get a "virus" on your Linux box. With a failed hard drive (and no backup), you've lost all your data. At some point, it is up to the admin (the user in this case) to back-up his/her data. There is a point at which the OS/app's responsibility ends and the admin's begins.

  3. OpenOffice too! by levell · · Score: 2, Informative

    Although the summary doesn't explicitly say it, the article confirms that this affects OO as well as StarOffice.

    --
    Struggling to find a day everyone can make? WhenShallWe.com

  4. Re:it's still basically a OS security issue by zlogic · · Score: 2, Informative

    Mandrake stores the user's backups in a read-only (for normal users) directory. So the virus can damage the user's home dir, but yesterday's (or last week's) backup will remain intact, because only root can hose it and not the user or the virus.

  5. hm.. by DoctorDyna · · Score: 2, Informative

    It seems as though they intend "proof of concept" to mean "Yes, it *IS* possible to manipulate this software with a virus, had we wanted to."

    Just because all it does is download porn, doesn't mean that it couldn't download a shell script that wipes out the MBR on your hard disk.

    --
    Windows has more viruses because linux has more virus coders.

  6. Re:Proof of Concept to infect the planet by killmenow · · Score: 2, Informative

    The framework is there and the possible outcome would be mass infections on a worse level than any worm seen. Of course the whole notion is conceptual but I'm sure it can be done.

    The reason this won't work is that multicast is blocked by a large percentage of edge routers. Without widescale use of multicast, your PoC would cause little harm. We don't have widescale use of multicast...as one could figure out from the fact you felt it necessary to include a DEFINITION of multicast in your post...assuming most people (even here, on slashdot, where all the geeks are) don't know what multicast is...because it's not in widescale use. From Wikipedia: "In order to prevent conflicts (where two groups have the same group IP) most routers will not forward multicast messages onto other network segments. This behaviour is, however, sometimes configurable on a case-by-case basis (it depends on the router software)."

    And, unless I'm much mistaken, one of the reasons multicast is not in widescale use is because of this type of vulnerability. Also from Wikipedia: "Multicast security is a major issue. Standard, practical, communications security solutions normally employ symmetric cryptography. But applying that to IP Multicast traffic would enable any of the receivers to pose as the sender. This is clearly unacceptable. The IETF MSEC workgroup is developing security protocols to solve this problem, mostly within the architectural framework of the IPsec protocol suite.

    IPsec cannot be used in the multicast scenario because IPsec security associations are bound to two hosts and not many. IETF proposed a new protocol TESLA, which is quite convincing and flexible for multicast security."