Badbunny Explained

Bad bunny, also known as SB/Bad Bunny-A (Sophos) and StarOffice/Bad Bunny (McAfee), is a multi-platform computer worm written in several scripting languages and distributed as an OpenOffice.org document, commonly named "badbunny.odg",[1] containing a macro written in Star Basic.

Discovered on May 21, 2007, the worm spreads itself by dropping malicious script files that affect the behavior of the popular IRC programs mIRC and X-Chat, causing them to send the worm to other users.[2]

Effects

If the macro is opened from the affected document, it displays a message with the title "///BadBunny\\\" and the body "Hey '[USERNAME]' you like my BadBunny?" and loads one of four different scripts named badbunny.js (JS.Badbunny) under Windows, badbunny.pl (Perl.Badbunny) under Linux/Unix, or either badbunny.rb or badbunnya.rb (Ruby.Badbunny) under Mac OS X.[3] Upon loading, the user is shown a pornographic image of a man dressed as a rabbit having sex with a scantily clad woman in the woods.[4]
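A triage check for the delivery vector described above, as an added example that is not part of the original page or of any vendor's tooling: it lists Basic macro modules embedded in an OpenDocument package and notes whether they mention the script names listed above. It assumes the usual ODF layout, where document macros are stored under `Basic/<Library>/` inside the ZIP container; `triage_odf` and `build_sample` are hypothetical names, and the sample package is constructed and harmless.

```python
import io
import zipfile

# Script names the article lists as loaded by the macro.
SCRIPT_NAMES = ("badbunny.js", "badbunny.pl", "badbunny.rb", "badbunnya.rb")
INDEX_FILES = ("script-lb.xml", "script-lc.xml")  # library indexes, not code
MAX_MODULE_BYTES = 1_000_000  # do not inflate oversized members


def triage_odf(data: bytes) -> dict:
    """Report embedded Basic macro modules in an OpenDocument package."""
    report = {"is_zip": False, "macro_modules": [], "name_hits": []}
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return report  # not an ODF package
    report["is_zip"] = True
    with archive:
        for info in archive.infolist():
            name = info.filename
            # Assumption: document-level Basic libraries live under Basic/<Library>/.
            if not (name.startswith("Basic/") and name.endswith(".xml")):
                continue
            if name.rsplit("/", 1)[-1] in INDEX_FILES:
                continue
            report["macro_modules"].append(name)
            if info.file_size > MAX_MODULE_BYTES:
                continue  # listed as a macro module, but not read
            text = archive.read(name).decode("utf-8", "replace").lower()
            for script in SCRIPT_NAMES:
                if script in text and script not in report["name_hits"]:
                    report["name_hits"].append(script)
    return report


def build_sample(with_macro: bool) -> bytes:
    """Constructed, harmless ODF-like package (no real macro code)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("mimetype", "application/vnd.oasis.opendocument.graphics")
        z.writestr("content.xml", "<office:document-content/>")
        if with_macro:
            z.writestr("Basic/script-lc.xml", "<library:libraries/>")
            z.writestr("Basic/Standard/script-lb.xml", "<library:library/>")
            z.writestr("Basic/Standard/Module1.xml",
                       "<script:module>REM mentions badbunny.pl</script:module>")
    return buf.getvalue()
```

A non-empty `macro_modules` list only means the document carries macros and deserves review before it is opened with macro execution enabled; the file-name match is a weak heuristic, not a signature.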

Notes and References

  1. "OpenOffice macro worm exposes bad bunny". ZDNET. Retrieved 2023-06-28.
  2. "SB/BadBunny-A Win32 worm (IRC-Worm.StarOffice.Badbunny.a) - Sophos security analysis". Archived 2008-03-28: https://web.archive.org/web/20080328010626/http://www.sophos.com/security/analyses/viruses-and-spyware/sbbadbunnya.html. Retrieved 2009-07-29.
  3. "Perl.Badbunny". Symantec. Original link dead; archived May 27, 2007: https://web.archive.org/web/20070527120101/http://www.symantec.com/security_response/writeup.jsp?docid=2007-052400-3656-99. Retrieved 2009-07-31.
  4. "Recognition for malware authors". Naked Security. 2007-05-21. Retrieved 2023-06-28.