First StarOffice Virus Sighted

Sam Haine '95 writes "News.com is reporting on the creation of Stardust, a virus which uses macros to attack StarOffice, Sun's office suite. The malware was written as a proof-of-concept code to show what might be possible rather than as a serious attempt to create a new attack vector." From the article: "The pest is written in Star Basic. It downloads an image file with adult content from the Internet and opens that file in a new document, according to Kaspersky's posting."

A Virus

[CastrTroy]

Is this really a virus. It downloads and displays and image with adult content, and displays it. It doesn't run any malicious code, doesn't touch your file system, and doesn't leave any trace after it has run. Sure, you may get in trouble at work, if it downloads the single image, but I think that most IT departments would understand, and wouldn't be able to do much for you for downloading a single image with adult content.

Re:A Virus

[Golias]

A "Proof of concept" malware example for a non-Microsoft product, such as StarOffice or OS X, is demonstrated in a controlled lab: Big news!

An actual virus which utterly cripples Windows PC's is discovered in the wild: Business as usual.

That's pretty much all you need to know about Windows and MS-Office.

Re:A Virus

[soundoff]

As said in TFA, this virus is merely a proof of concept. Using the most simplistic expansion of the idea, imagine if it did this, say, every time you ran StarOffice. Fifty times. Every minute. On a slightly less simplistic expansion, imagine if it downloaded something other than an image. A trojan, perhaps. Another virus that it saved instead of your currently-open document mydocument.doc.exe.

Learning period

[suv4x4]

The more open source products get used, the more their authors will realize that it's not enough to be l33t to write a secure product.

It will also require tough and down-to-the-ground tough work such as researching the worms out there and patching the product out.

Another thing is: you can never "fix" the user, there will always be the guys to run attached executables that promise hot porn and FREE MONY!.

Re:Learning period

[msuarezalvarez]

I am quite sure they'll be quite happy to hear about your donation of time/money/whatever.

POC != virus

proof of concept is not a virus, sure it could be, but until its in the wild its not really

Bypass mechanism

[16K+Ram+Pack]

Not enough specifics. Does this bypass the "do you want to run macros?" because if so, it's a virus, if not, it's a stupid user virus.

I'm all for protecting users from their own stupidity, but in the end, there's a point where people stop having any power at all.

No malicious code

[Duds]

If you're at the wrong kind of workplace, suddenly having porn on your screen is pretty bloody malicious.

Re:it's still basically a OS security issue

[Otter]

If this happened on a Un*x machine (Sun, HP, Linux, BSD), the damage would be confined and limited to what the user had unprotected. It would be highly unusual for a Un*x user hit with a StarOffice macro exploit to have enough exposure to compromise the system.

We have this discussion all the time, but once more can't hurt: on single-user Linux systems or Unix workstations, losing $HOME is far more serious than losing system files.

Re:Why go through the trouble?

[sidfaiwu]

The point is that the image is downloaded and displayed without the user doing anything other than opening the document. The 'proof' is that the code executed even if the user did not want it to. The download-and-display-an-image code could easily be replaced with more malicious code. That is the 'virus' part.

Re:it's still basically a OS security issue

[jfengel]

I think that protecting the user's own data is sufficient reason to blame this on the app writer, not the OS. Yeah, it's the OS's fault if rootkit-level harm can be done, but I think of that as a whole separate problem. Huge amounts of damage can be done even to the user's sandbox, including disclosure of private information (which isn't the OS's fault, either, if the app is giving its macros access to sockets).

There's plenty of blame to go around, but it points out a general clue: writing secure generalized systems is hard, whether it's an OS or a word processor that thinks it's an OS. Security is everybody's problem, and you have to think about it every time you get input from a user. Limiting the effect of security failure isn't the same as abnegating responsibility to prevent that failure. The more power you give that user, the more responsibility YOU have to ensure that power isn't misused.

Re:it's still basically a OS security issue

[anagama]

If this happened on a Un*x machine (Sun, HP, Linux, BSD), the damage would be confined and limited to what the user had unprotected. It would be highly unusual for a Un*x user hit with a StarOffice macro exploit to have enough exposure to compromise the system.

For me, the system is the least valuable area. I have system cds and if it gets borked, I can reinstall and reconfigure. A hassle "yes", end of the world "no". What concerns me is all the irreplaceable content in my home directory. In my home dir, I have all the privileges I need to ruin it all. Now, I keep backups because I know that all computers always fail (at some point in time), but most people are pretty cavalier about backing up stuff. Of course, when I backup, I only backup my data because really, the system is stupidly easy to replace. A person who loses all their baby pics due to a malicious macro isn't really going to care that their printer config is still good.

Re:Why go through the trouble?

[CastrTroy]

Here's my new virus. I put it in a spreadsheet, it's just 1 line of code. =SUM(A1:A50). When put in cell A51, it automatically gets run every time you load the spreadsheet, and will run when you change the contents of A1 through A50. Just because you can make a program perform a function without user interaction doesn't mean you can run malicious code that will mess with the system/user files, or mess with the hardware in malicious ways.

Proof of security

[MobyDisk]

This virus doesn't do any damage. Is that because Star Basic runs in a sandbox and can't actually do damage? Or is it because the proof-of-concept virus didn't want to do any damage? If there is a sandbox, all this did is prove how secure Star Office is, not how vulnerable it is.

Is this really a virus?

[xutopia]

Pardon me for asking but doesn't the definition of a virus include duplication? All I hear is that some code can download a picture. How does it "reproduce" itself and infect other stations?

Re:it's still basically a OS security issue

[I'm+Don+Giovanni]

"People who don't backup /home every night deserve everything they get."

But even if you did backup every night, what if some malware corrupted some documents in /home? Maybe changed some vital data in a spreadsheet? Maybe the change would be too subtle to notice, and you're spreadsheet would start producing incorrect calculations due to the incorrect data, unbeknownst to you. And when you did your nightly backup, guess what, the corrupted spreadsheet gets backed up as well, so now your backup store is corrupt.

Re:it's still basically a OS security issue

[Fred_A]

In the open source world, we don't jail programs, we make them do community work ;)