Friday, June 02, 2006

The "OpenOffice Virus" Isn't a Virus... It's Hype

ZDNet reports the following today: Stardust virus lands on OpenOffice | Tech News on ZDNet. Except that, the "virus" isn't a virus at all... more like, it's a slow news day at Ziff-Davis.

First the claim:
The virus, dubbed Stardust, is capable of infecting OpenOffice and StarOffice, which is sold by Sun Microsystems, a Kaspersky Lab researcher wrote on the Russian company's Viruslist Web site on Tuesday.

"Stardust is a macro virus written for StarOffice, the first one I've seen," the researcher wrote. "Macro viruses usually infect MS Office applications."

Now, the facts. First, Stardust isn't a virus. Viruses are defined by the fact that they can replicate themselves. This is simply a Star Basic macro that downloads an image and opens it in a new document.

Second, OpenOffice's default security behavior is to alert the user to the presence of any macros, and ask permission to run it. Stardust is no different. You open the document, are alerted that there's a macro there, and asks for permission to run it. This is worlds away from the covert behavior of viruses on less secure competing office suites.

Again, this isn't a virus, it's some Kasperski blogger making a name for himself by applying "scare words" to normal behavior. If you think you've got an actual security problem with, you can report it at


Post a Comment

<< Home