| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" |
| "http://www.w3.org/TR/html4/loose.dtd"> |
| <html> |
| <head> |
| <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> |
| <title>Statement on the Proof of Concept Macro Virus </title> |
| </head> |
| |
| <body> |
| <h3>Statement on the Proof of Concept Macro Virus </h3> |
| <p>There has been press comment recently about a "proof-of-concept macro |
| virus" affecting OpenOffice.org and reported in a blog at an anti-virus |
| company. [1] </p> |
| <p>Macros are a useful part of any office suite, allowing users to automate |
| repetitive tasks. These tasks include potentially destructive actions |
| such as modifying and deleting files, which is why macros are of |
| interest to virus writers.</p> |
| <p>The "proof-of-concept macro virus" showed that it is possible to write a |
| simple "virus-like" program using OpenOffice.org's macro language. This |
| is a known risk with any capable macro language. To mitigate against |
| this risk, by default OpenOffice.org detects if a document contains |
| macros, displays a warning, and will only run the macro if the user |
| specifically agrees. This behaviour conforms to industry best practice.</p> |
| <p>The OpenOffice.org engineers take the security of the software very |
| seriously, and will react promptly to any new issues. This "proof of |
| concept" virus is not new information, and does not require a software |
| patch. Technically, it is not even a virus, as it is not |
| "self-replicating" - with OpenOffice.org's default settings, it cannot |
| spread without user intervention.</p> |
| <p>However, the OpenOffice.org community repeats the consistent message |
| from security experts that users should never accept files from unknown |
| sources. For any security issue, please visit OpenOffice.org's Security |
| Team page [2] and send a note to security@openoffice.org.</p> |
| <p>[1] <a href="http://www.viruslist.com/en/weblog?weblogid=187738337">http://www.viruslist.com/en/weblog?weblogid=187738337</a></p> |
| <p> [2] <a href="//security/">//security/</a></p> |
| <p>- The OpenOffice.org Team</p> |
| </body> |
| </html> |