Researchers Pinpoint First StarOffice Virus

Security apps specialist Kaspersky Lab identifies what is believed to be the first proof-of-concept virus code created to attack Sun's StarOffice suite and its open-source iteration, OpenOffice.

Security researchers at anti-virus software maker Kaspersky Lab have isolated a new virus aimed at Sun Microsystems StarOffice productivity software and the open-source version of the programs, OpenOffice.

Labeled "Stardust" by Kaspersky, based in Woburn, Mass., the virus exists only as a proof-of-concept attack at this point, according to the company, which said it has not had any reports of security exploits related to the threat, or of versions of the program that have been launched into the wild with malicious intent.

/zimages/4/28571.gifFor advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

Sun representatives didnt immediately return calls seeking comment on the StarOffice virus discovery. StarOffice is marketed as a direct alternative to Microsofts dominant Office suite of productivity applications, with better security being touted by Sun as one of the primary advantages of the software over its rivals product.

Kaspersky reported that the Stardust virus attempts to infiltrate StarOffice and OpenOffice by using macros, which can be used to execute certain actions within document files. While such attacks were once more popular among virus code writers, the technique has become less prevalent based largely on the fact that security-minded users know the threats can be stopped simply by disabling macros for the infected program.

/zimages/4/28571.gifClick here to read why an eWEEK Labs review concluded that the OpenOffice productivity suite has the edge over its relative, Suns StarOffice.

Kaspersky analysts said the program is something of a throwback. "You might wonder whats interesting about this, [as] viruses have been around for a long time and are starting to fade from the scene," a researcher identified only by the name Kostya wrote on the companys blog site. "But if you look more closely at the name, you can see why Im interested: Macro viruses usually infect [Microsoft Office] applications."

Based on those factors, the company said the virus may well have been authored by so-called script kiddies, younger hackers looking to build unique viruses to establish their reputation among malware writers, rather than to cause problems or generate profits with more serious attacks.

Kaspersky said the Stardust virus is crafted inside of a StarOffice document that can utilize macro controls that can then infect other files. According to the researchers, the program is written in Star Basic and downloads an image file with adult-themed content from the Internet which is then opened in a new document in the system. Once opened by a user, an attack built from the proof of concept could then infiltrate every StarOffice text document residing on the individuals computer.

/zimages/4/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.