Virus demonstrates OpenOffice's security failings

There are a lot of good reasons for using open-source software: price concerns, a desire for regular updates, a burning hatred for Microsoft. Some folks even claim to like open-source because it's more secure. However, the argument that open-source software is more secure than closed software might be a lot like the argument that OS X is more secure than Windows: just because less people write malicious code for it, doesn't mean that it's inherently a more secure platform. To wit, a group of malware developers have created a proof-of-concept virus that uses OpenOffice macros to infect a user's PC. The "BadBunny" virus comes embedded in an OpenOffice Draw document and once released, can execute scripts with user-level permissions and can jump to other machines via mIRC and XChat. So what does it do? Well, since it's just a proof-of-concept, the virus doesn't do anything too destructive...aside from displaying some pornographic content befitting of its name.

So what's the big deal? Well, first is the fact that BadBunny is a cross-platform virus: it can successfully infect Windows, OS X and Linux PCs and can propagate on both Windows and Linux machines. Secondly, this isn't the first time that a proof-of-concept virus has been developed that takes advantage of OpenOffice macros (it's also not the first time that such a virus has been used to display pr0n on the user's machine). As Ars Technica duly notes, such viruses "raise serious questions about the efficacy of macro security models, and show that open-source software products can be targeted just as easily as proprietary products when security isn't treated as a primary consideration."

For more on the BadBunny:
- see this Ars Technica article