by CIO Staff

Proof-of-Concept Virus Detected for StarOffice

May 30, 20062 mins

The first virus affecting StarOffice was detected Tuesday, but so far it isn’t being used to infect computers.

Since the virus has not been launched with malicious intent yet, a teenager hacker may have written it, said Roel Schouwenberg, senior research engineer for Kaspersky Lab. The virus uses macros to attack the office suite from Sun Microsystems.

Kaspersky is calling the virus “Stardust.” Viruses using macros are rarely seen anymore since simply shutting off a program’s macro feature stops them, Schouwenberg said. Macros can be used to automate certain tasks within a document, such as a repeated calculations on a spreadsheet.

Macro viruses were most often written to disrupt Microsoft office applications, Kaspersky wrote on its virus blog.

Typically, a virus using macros infects a template, which is then read when opening other documents and infects those also, Schouwenberg said. The Stardust virus is contained in a StarOffice document that uses macros and then infects a global template.

If a user opens a document infected with Stardust, every StarOffice text document with a “.sxw” extension, or document template with a “.stw” extension, will be infected, Schouwenberg said.

When one of those documents is launched, it opens an adult image hosted on a server, a website hosting service from Lycos.

So far, the bug does not pose a risk since it remains a proof-of-concept virus, a term meaning the virus was written to prove it could be done, but is not yet being used maliciously.

“We’re not hyping it,” Schouwenberg said. “The world is not coming to an end. It’s just a [proof-of-concept].”

But with a little tweaking, Schouwenberg said the code, which uses an old application programming interface, could be modified to affect OpenOffice 2.0, an open-source suite.

-Jeremy Kirk, IDG News Service

For related news coverage, read Password-Stealing Trojan Arrives in German Spam.

Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.