A proof-of-concept virus that targets the alternative application suites StarOffice and OpenOffice is out and about, multiple security companies said Wednesday.The macro-based virus, dubbed “Stardust” by Kaspersky Labs and “XML_Dustar.a” by Trend Micro, arrives hidden within a StarOffice/OpenOffice document attached to an e-mail message. The virus is written in StarBasic, a variation of the BASIC programming language used to write scripts and macros in the two suites. (Microsoft’s Office, for instance, uses something similar, called VisualBasic, for its macro scripting functionality.)
OpenOffice is the free, open-source suite that shares a code base with Sun Microsystem’s commercial StarOffice bundle.
When the recipient opens the document, Stardust/XML_Dustar.a downloads and opens a JPEG image in a suite document, then infects other StarOffice/OpenOffice document files. The proof-of-concept, however, is just that: programming problems prevent it from completing its infection routine, said Trend Micro in its analysis. The virus doesn’t package any malicious payload; other than the arguably objectionable image, it’s harmless.
Macro-based viruses once ruled the malware world, but with few exceptions, they have played a minor role in security problems since 2000. Some suite applications, however, have been set upon by non-macro attacks. This month, a still-unpatched vulnerability in Microsoft Word was exploited in limited attacks using attached files that were Trojan horses in disguise.
Microsoft has promised to fix the Word flaw by June 13, the developer’s next regularly scheduled patch date.