SonicWall, a leading provider of network, Web, email security, backup, and recovery solutions, has announced that its Unified Threat Management (UTM) technology provides defensive measures to its customers against the newly discovered BadBunny-A worm.
The BadBunny-A worm targets OpenOffice software running on several different operating systems, such as Windows, Mac and Linux. The malware is written in the StarBasic scripting language and also drops scripts in other languages; it downloads and displays an indecent JPEG image of a man wearing a bunny suit.
Computers become infected when users open an OpenOffice Draw file titled badbunny.odg.
Depending on the target's operating system, a macro included in the file performs different functions. On Windows, the worm drops a file called drop.bad, which is moved to the system.ini in the mIRC folder.
On Windows the macro will also drop and execute badbunny.js, a JavaScript virus that replicates to other files in the folder. On Mac OS, the worm drops one of two Ruby script viruses, in either badbunny.rb or badbunnya.rb. On Linux, the worm drops badbunny.py as an XChat script and badbunny.pl, a tiny Perl virus that infects other Perl files. The dropped XChat and mIRC scripts are used to replicate and distribute the virus: they initiate DCC transfers of the original badbunny.odg OpenOffice file to others.
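Because the infection starts with a macro embedded in an OpenOffice Draw file, a gateway or mail filter can triage incoming OpenOffice documents by checking whether they carry Basic macro modules at all. The following is an added example, not SonicWALL's detection logic; it relies on OpenOffice storing Basic macro libraries under a `Basic/` directory inside the document's ZIP package, and the function names and sample documents are constructed for illustration.

```python
import io
import zipfile


def odf_macro_modules(data: bytes) -> list:
    """Return the paths of Basic macro modules inside an ODF package."""
    stream = io.BytesIO(data)
    if not zipfile.is_zipfile(stream):
        return []  # not a ZIP container, so not an ODF package
    with zipfile.ZipFile(stream) as package:
        modules = []
        for name in package.namelist():
            leaf = name.rsplit("/", 1)[-1]
            # script-lc.xml / script-lb.xml are library indexes, not code.
            if (name.startswith("Basic/") and leaf.endswith(".xml")
                    and not leaf.startswith("script-")):
                modules.append(name)
        return sorted(modules)


def triage(filename: str, data: bytes) -> dict:
    """Summarise whether a document should be held for macro review."""
    modules = odf_macro_modules(data)
    return {
        "file": filename,
        "has_macros": bool(modules),
        "modules": modules,
        # File name taken from the report above; a rename defeats this check,
        # which is why the macro test is the primary signal.
        "name_matches_report": filename.lower() == "badbunny.odg",
    }


def build_sample(with_macro: bool) -> bytes:
    """Constructed, inert ODG-like package used only to exercise the check."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as package:
        package.writestr("mimetype", "application/vnd.oasis.opendocument.graphics")
        package.writestr("content.xml", "<office:document-content/>")
        if with_macro:
            package.writestr("Basic/script-lc.xml", "<library:libraries/>")
            package.writestr("Basic/Standard/script-lb.xml", "<library:library/>")
            package.writestr("Basic/Standard/Module1.xml", "<script:module/>")
    return buffer.getvalue()


if __name__ == "__main__":
    print(triage("drawing.odg", build_sample(with_macro=True)))
    print(triage("plain.odg", build_sample(with_macro=False)))
```

A document flagged this way is not necessarily malicious; the check only identifies files that can run macro code when opened and therefore deserve signature scanning or quarantine.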
It seems that the intention behind the BadBunny worm is to show that multiple platforms can be infected by exploiting macro features in OpenOffice; the worm does not appear to be financially motivated.
Users of SonicWALL's dynamic threat prevention services are currently protected by the following main signatures: BadBunny.A (worm) and BadBunny.A#enc (worm).
SonicWALL has developed unique technologies to deliver gateway anti-virus, anti-spyware and intrusion prevention signatures to its subscribers on a continual basis, allowing them to defend against worms like BadBunny-A as well as attacks and exploits such as phishing, viruses, DHA or DoS attacks and more.