StarOffice/StarDust.intd

Type: Virus
SubType: Macro
Discovery Date: 06/01/2006
Length: N/A
Minimum DAT: 4775 (06/01/2006)
Updated DAT: 4900 (11/20/2006)
Minimum Engine: 5.1.00
Description Added: 06/01/2006
Description Modified: 06/01/2006 5:30 AM (PT)
Risk Assessment (Corporate User): Low-Profiled
Risk Assessment (Home User): Low-Profiled

Characteristics

This macro tries to load a URL in a new StarOffice or OpenOffice document. The URL it tries to load is http://stardust[removed]pod.com/SilviaSaint.JPG.

Symptoms

If the macro is run from an infected document, it loads http://stardust[removed]pod.com/SilviaSaint.JPG in a new document.

Method of Infection

Running a macro contained in the infected document.

Removal

A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends that users not trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.

Variants

    N/A

Overview

-- Update June 1, 2006 --
The risk assessment of this threat has been updated to Low-Profiled due to media attention at:
http://news.com.com/Stardust+virus+lands+on+OpenOffice/2100-7349_3-6078475.html

--

This detection is for a macro virus written in StarBasic. This is restricted to StarOffice and OpenOffice documents.
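
For triage of a received document, the following added example (not McAfee's detection logic and not code from this page) lists the Basic macro modules inside a StarOffice/OpenOffice ZIP package and the URLs their source mentions. It assumes macros are stored under the package's `Basic/` directory; the function names and the sample package are constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)
INDEX_FILES = {"script-lb.xml", "script-lc.xml"}  # library indexes, no code

def basic_module_urls(package: bytes) -> dict:
    """Map each Basic module in an OpenOffice/StarOffice ZIP package
    to the URLs that appear in its macro source text."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        for name in zf.namelist():
            parts = name.split("/")
            if parts[0] != "Basic" or not name.endswith(".xml"):
                continue
            if parts[-1] in INDEX_FILES:
                continue
            raw = zf.read(name)
            try:
                # Element text only: skips namespace URIs held in attributes
                source = "".join(ET.fromstring(raw).itertext())
            except ET.ParseError:
                source = raw.decode("utf-8", "replace")
            findings[name] = sorted(set(URL_RE.findall(source)))
    return findings

def build_sample(with_macro: bool) -> bytes:
    """Constructed package for the demo; not taken from any real sample."""
    module = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<script:module xmlns:script="http://openoffice.org/2000/script" '
        'script:name="Module1" script:language="StarBasic">'
        'Sub Main\n'
        '  StarDesktop.loadComponentFromURL(&quot;http://example.invalid/picture.jpg&quot;, '
        '&quot;_blank&quot;, 0, Array())\n'
        'End Sub</script:module>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("content.xml", "<office:document-content/>")
        if with_macro:
            zf.writestr("Basic/script-lc.xml", "<index/>")
            zf.writestr("Basic/Standard/script-lb.xml", "<index/>")
            zf.writestr("Basic/Standard/Module1.xml", module)
    return buf.getvalue()

if __name__ == "__main__":
    for label, flag in (("macro-free", False), ("with macro", True)):
        print(label, basic_module_urls(build_sample(flag)))
```

An empty result means the package carries no Basic modules; any module that references an external URL is worth reviewing before macros are allowed to run.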

Aliases

  • SBasic.Stardust.A!int (Symantec)
  • StarOffice/Stardust.A (ESET)
  • Virus.StarOffice.Stardust.a (Kaspersky)
  • XML_DUSTAR.A (Trend Micro)
