First StarOffice Virus Detected

The first virus affecting StarOffice was detected today, but so far it isn't being used to infect computers.

Since the virus has not been launched with malicious intent yet, a teenager hacker may have written it, said Roel Schouwenberg, senior research engineer for Kaspersky Lab. The virus uses macros to attack the office suite from Sun Microsystems.

Kaspersky is calling the virus "Stardust." Viruses using macros are rarely seen anymore since simply shutting off a program's macro feature stops them, Schouwenberg said. Macros can be used to automate certain tasks within a document, such as repeated calculations on a spreadsheet.

Macro viruses were most often written to disrupt Microsoft office applications, Kaspersky wrote on its virus blog.

How It Works

Typically, a virus using macros infects a template, which is then read when opening other documents and infects those also, Schouwenberg said. The Stardust virus is contained in a StarOffice document that uses macros and then infects a global template.

If a user opens a document infected with Stardust, every StarOffice text document, with a ".sxw" extension, or document template, with a ".stw" extension, will be infected, Schouwenberg said.

When one of those documents is launched, it opens an adult image hosted on a tripod.com server, a Web-site hosting service from Lycos.

So far, the bug does not pose a risk since it remains a proof-of-concept virus, a term meaning the virus was written to prove it could be done, but is not yet being used maliciously.

"We're not hyping it," Schouwenberg said. "The world is not coming to an end. It's just a poc [proof-of-concept]."

But with a little tweaking, Schouwenberg said the code, which uses an old API (application programming interface), could be modified to affect OpenOffice 2.0, an open-source suite.

Subscribe to the Security Watch Newsletter

Comments