SB/BadBunny-A

Aliases	IRC-Worm.StarOffice.Badbunny.a
Category	Viruses and Spyware
Type	Worm
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Summary
Action
More Information


How it spreads	Infected files Chat programs
Affected operating systems	Windows
Protection available since	21 May 2007 06:25:40 (GMT)
Last updated	16 May 2008 15:00:26 (GMT)
Detected by	All Sophos products

Sophos beta program
Register now for our latest beta tests

Endpoint Security and Control 9.0
Small business solutions 4.0

Action

Summary
Action
More Information

Please follow the instructions for removing worms.

More Information

Summary
Action
More Information

SB/BadBunny-A is a multi-platform worm written in several scripting languages and distributed as an OpenOffice.org document containing a StarBasic macro.

SB/BadBunny-A spreads by dropping malicious script files that affect the behavior of the popular IRC programs mIRC and X-Chat, causing them send SB/BadBunny-A to other users. These malicious script files are named badbunny.py (for XChat) and script.ini (for mIRC, overwriting the existing mIRC file) and are also detected as SB/BadBunny-A.

SB/BadBunny-A drops different additional components depending on the platform on which it is running:
- On Windows, it drops a file named badbunny.js that is a JavaScript file infector also detected as SB/BadBunny-A.
- On Linux, it drops a file named badbunny.pl that is a Perl file infector also detected as SB/BadBunny-A.
- On MacOS, it drops one of two possible files named badbunny.rb and badbunnya.rb that are Ruby file infectors also detected as SB/BadBunny-A.

Get reports about the latest virus and spyware threats delivered to your computer

In this section

SB/BadBunny-A

Summary

Action

More Information