
Archive for May 24th, 2007


May24
by Dianne Lagrimas (Technical Communications)

MS Office alternatives are becoming attractive to a lot of users because of their competitive pricing and because they are not as targeted by hackers out to find application holes.

Popular Microsoft is continually under fire because of vulnerabilities found in its products. However, malware authors can also hound lesser-known Microsoft rivals, as evidenced by recent infections by a Visual Basic script that targets Sun Microsystems' office suite StarOffice (also known as StarSuite in some countries). This VBScript drops a malicious JavaScript, an Internet Relay Chat (IRC) file, and a worm on affected systems. Trend Micro detects it as VBS_BADBUN.A, and it affects all Windows, Mac, and Linux OS with StarOffice installed. The name BADBUN comes from an image displayed by one of its dropped files, which shows a person wearing a bunny costume.
The dropped files are detected by Trend Micro as:


  • JS_BADBUN.A - dropped JavaScript
  • IRC_BADBUN.A - dropped .BAD file that replaces a legitimate mIRC file
  • WORM_BADBUN.A



The malicious JavaScript and IRC files ensure the spread of this malware “wagon” via the Internet, while the worm can ensure spreading capability via other vectors.

Aside from dropping files, the said VBScript launches a distributed denial of service (DDoS) attack using the Ping method against antimalware-related Web sites, including the Trend Micro site.

It is a very Bad Bunny indeed.

 

May24
by Dianne Lagrimas (Technical Communications)

Another Symbian Series 60 malware makes the rounds on the World Wide Web, making itself available for download from an unnamed FTP site. SYMBOS_VIVER.A poses as an installer for a photo editor, a video codec, or an Internet tool for mobile phones, ensuring its “downloadability”. Once executed and installed on the affected phone, it sends SMS messages to a certain premium number every 15 seconds.

There’s nothing new with this Symbian malware, which has the same routine as J2ME_REDBROW.A. However, SYMBOS_VIVER.A takes off where J2ME_REDBROW.A left off: successful profit via direct execution of its routine. With J2ME_REDBROW.A, users must agree to send a message. In SYMBOS_VIVER.A, automatic sending ensures automatic profit for its creators.

Though the said capability is alarming, it is worth noting that Symbian malware has never made a significant impact on users and that propagation via Bluetooth in mobile phones is not a sure way of mass-spreading. However, this malware’s author/s have posted this malware to the Internet, and downloading can boost its spread.

 

May24
by Miray Lozada (Technical Communications)

Pirates of the Caribbean spun a yarn with Admiral Beckett always being two steps behind the half-drunk swagger of Captain Jack Sparrow. This reel life is actually a very good metaphor for real-life software piracy, as pirates elude authorities, making bigwigs like Microsoft initiate efforts such as the Windows Genuine Advantage (WGA) in Windows XP and Vista. The bad guys are turning the tables though. A Trojan spyware detected by Trend Micro as TSPY_KARDPHISH.A is using WGA to phish for credit card information.

Once installed on a system, it displays the following to activate Windows:

[Image: TSPY_KARDPHISH_A_img1.gif]

If the user clicks Yes, it then displays these fields to get the user to reveal credit card information:

[Image: TSPY_KARDPHISH_A_img2.gif]

It gets nasty if the user doesn’t enter the required information because it shuts down the computer.

This spyware technique is reminiscent of another spyware that hit systems early this month that also used a known Windows feature to steal personal finance-related information. Looks like malicious spyware has found a new window of opportunity in Windows.

Spyware Ahoy!

 


© Copyright 2008 Trend Micro Inc. All rights reserved.