Where I can get more detail info about this, and also the sample if possible ?
Thanks

I found
http://www.securityfocus.com/brief/218

Come on open-source guys, double up. We can do better!

Virus or Worm?

does it do damage or does it just open a file ?

accoring to this, just opens the file, no damage.

this is a worm.

no deleting of files, no ads, no malitious acts.

It's a "proof of concept".

The whole open source virus thing becomes pretty tiresome.

I think what annoys people most about those who support open source software is their reaction to every Microsoft product-related threat, always saying the solution is using open source, like Linux, or Open Office!

But wait, open source isn't perfect either. I believe if it became as widely used as Microsoft products have, there would probably be just as many security threats coming its way.

For the amount of people using MS products, I don't see half as many uptight comments trying to push aside anything that pisses on their holy grail. Whenever some open source software problem is found though, you get endless people trying to stick their head in the stand and prove why it isn’t really a real threat.

Hell, it’s becoming worse than religious debates. Why can't we just run along now and stop being childish.

For the record, I use both MS and open source software such as Linux, Open Office, etc. And I couldn't care less which people decide to use, but I am pretty tired of finding all these uptight comments whenever something is found against open source software. It seems to have more fan boys than MS judging by the reactions you always read here to an MS threat and an open source one.

Are you trying to turn this discussion into something that it isn't?

No one here has claimed open source is infallible, but it is safer to use in many cases because it is rarely targeted.

To answer your question...80% of PC owners are sheeple. 10% are knowledgible, and the other 10% of people that own a computer are probably running Macs or Linux. That means we should get 50/50 on both sides of any debate, since the 80% are somewhat out of the loop.

His point is that as soon as Open-source overcomes Microsoft (if that even happens), open-source, if nothing else, will be MORE vulnerable because the vulnerabilities are so easily accessible to the public. Faster fix, yes, but easier breaks too.

I understand his comment, but I don't think that it is a given... I don't necessarily agree that open source is more vulnerable.

Stardust is a 'proof-of-concept' virus

'Nuff said.

All you haters can crawl back under your rocks.

"Stardust is a virus"

'Nuff said.

"Stardust is a virus that is not spreading or in the wild, but represents a threat."

How's that?

Right. We're all shaking in our boots since our beloved Office Suite has been comprimised...

...oh wait, it hasn't.

You do know the difference between 'Proof of Concept' and 'In The Wild', right?

Ahhh...let me see, "Proof of Concept" - "In The Wild"...ummm...that's tough....but I believe I get it. Quit being so narrow-minded - of course your "beloved Office Suite" hasn't been compromised but Pandora's box has been opened.

LMAO.

Yeah, okay.

Apparently you don't.

LMAO.

Yeah, okay...apparently YOU don't (trying thinking outside the box if your brain can handle it)

How does a POC harm the suite in *any* way.

What's the point?

Anyone with a *brain* knows that no app is impervious to viruses. So the POC is only "proving" something we already knew.

Yeah. We're shaking in our boots now, genious.

I find it strange how office suites are targeted by viruses. Why? Can't you infect Myspace IM or AOL Desktop Search? Do something interesting viruses...sheesh.

Opensource or not - it isn't a matter of being vulnerable to viruses, but a matter of speed of fixing "holes". Say, if your bulletproof jacket costs 1000$, it doesn't mean it will protect you against AK-47. Everything is vulnerable, and that's the proof.

Once again...it's just a matter of picking your poison.

Yeah, all you nay sayers that said opensource isn't affected by virus, would you care to recant those words?

This is PROOF, its ALL a matter of time.. and presence.

I'm not surprised by this. The more people use open source stuff the more it's going to become a target.
All the people claiming that open source is much, much more secure than something closed source are living in some imaginary world.
Even though this virus is a proof of concept it doesn't take much for someone to bring it out into the real world.

yawn. did you actually say anything?

...you certainly didn't.

It is only proof that it is possible, but until it is targeted it means very little.

I am curious to know what your reaction would be if this were a 'proof-of-concept' on a Microsoft Windows or Office-related virus.

Additionally, do we know that it hasn't been targetted yet just because it wasn't widespread? You have to consider the number of users of OpenOffice against the number that would get infected with the virus.

would you care to recant those words?

Nope. There are still no ITW viruses for this product.

Yeah...it's possible. Did anyone *really* need proof? A virus can be written for any product on any OS. It's always been a "matter of time.. and presence".

Anyone who thinks otherwise is an idiot.

That said, OOo will very likely *never* reach the point in popularity / market-share that it is likely to be targeted by such things.

Stardust is a 'proof-of-concept' virus

The above means it was created in a lab. It is not ITW. A simple test case for those foolish enough to believe *any* product is secure.

My reaction to this is the same as my reaction to *any* PoC malware. Big frigging deal. For their next trick, I suggest proving the world is flat.

"I am curious to know what your reaction would be if this were a 'proof-of-concept' on a Microsoft Windows or Office-related virus."

My reaction would have been the same...

Based upon the way the article reads it is a vulnerability that hasn't been exploited. It would seem unlikely that anyone seeking notoriety would create a virus that would effect such a small demographic.