A "proof of concept" virus named Stardust has been announced by an anti-virus
vendor.

First, let us state one thing: "Macros and extensions, like any program,
are active things and can therefore do harm."

That said, we cannot call all macros viruses!

A virus needs to replicate and propagate, most often silently...



The Stardust "thing" does none of this. By default, OOo asks before every
run of a macro, and any administrator or user can even disable this feature or
restrict macros to some trusted source directories. The user has to explicitly
accept running a program. So there is nothing noteworthy there.



From Pavel's announcements, with his usual accurate wording: only a waste of
time.


Some relays by other anti-virus vendors are even more ridiculous, as
Stardust is identified as an XML virus under the name XML_DUSTAR: hey, a
new beast is born.



All of this is restricted to StarOffice, so let me introduce my own OOoDust
as a first stage of reflection on building the new malware engines of the
coming years.



    sub OOoDust()
        print "You're infected"
    end sub



Activating it is rather simple:


  1. open a new document
  2. open the macro editor (tools > macros > ....)
  3. create a new module
  4. copy the virus into this module
  5. save your document
  6. restart OOo (or send your file to a target)
  7. open your document
  8. agree to activate the macro after reading the message
  9. go to macro editor (tools > macro ..)
  10. launch the evil macro OOoDust
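
Since nothing runs until the user accepts the macro prompt in step 8, a received document can be checked for embedded Basic modules before it is opened at all. The following Python check is an added example, not part of the original post or of OOo itself; it assumes the document is a zip archive that stores Basic modules under Basic/<Library>/<Module>.xml, and the function names and the sample document are constructed for illustration.

```python
import io
import re
import zipfile

# Assumption: the document is a zip archive whose Basic libraries live under
# "Basic/<Library>/<Module>.xml"; script-lc.xml / script-lb.xml are index files.
INDEX_FILES = {"script-lc.xml", "script-lb.xml"}
ROUTINE_RE = re.compile(r"(?im)(?:^|>)\s*(?:sub|function)\s+(\w+)")
MAX_MODULE_BYTES = 1_000_000  # do not inflate oversized entries


def find_basic_macros(doc_bytes):
    """Return {module path: [routine names]} for embedded Basic modules."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as zf:
        for info in zf.infolist():
            parts = info.filename.split("/")
            if parts[0] != "Basic" or not info.filename.endswith(".xml"):
                continue
            if parts[-1] in INDEX_FILES:
                continue
            if info.file_size > MAX_MODULE_BYTES:
                found[info.filename] = ["<module too large to scan>"]
                continue
            text = zf.read(info).decode("utf-8", errors="replace")
            found[info.filename] = ROUTINE_RE.findall(text)
    return found


def build_sample_document(with_macro):
    """Constructed sample: a minimal zip shaped like a document, not a real file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("content.xml", "<office:document-content/>")
        if with_macro:
            zf.writestr("Basic/script-lc.xml", "<library:libraries/>")
            zf.writestr(
                "Basic/Standard/Module1.xml",
                '<script:module script:name="Module1">\n'
                "sub OOoDust()\nprint &quot;You&apos;re infected&quot;\nend sub\n"
                "</script:module>",
            )
    return buf.getvalue()


if __name__ == "__main__":
    for label, flag in (("clean", False), ("with macro", True)):
        print(label, find_basic_macros(build_sample_document(flag)))
```

An empty result means no Basic module was found in the archive; any entry means the macro prompt will appear on opening and the listed routines deserve a look first.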




It is obvious that OOo and StarOffice will be hit soon by some malware
attacks, but, guys, not this time. The dust from the anti-virus vendors'
advertising smoke easily dissipates when examining the process...



Btw, the OpenOffice.org project has a structure for reporting any suspicious
behaviour, so feel free to contact us.

As stated in the official OOo first reaction:

"the consistent message from security
experts [is] that users should never accept files from unknown sources".

(Post originally written by Laurent Godard on the old Nuxeo blogs.)