The first virus affecting StarOffice was detected yesterday, but so far it isn't being used to infect computers.
Since the virus has not yet been launched with malicious intent, a teenager hacker may have written it, said Roel Schouwenberg, senior research engineer for Kaspersky Lab. The virus uses macros to attack Sun's office suite.
Kaspersky is calling the virus 'Stardust'. Viruses using macros are rarely seen anymore because simply shutting off a program's macro feature stops them, Schouwenberg said. Macros can be used to automate certain tasks within a document, such as a repeated calculations on a spreadsheet.
Macro viruses were most often written to disrupt Microsoft office applications, Kaspersky wrote on its virus blog.
Typically, a virus using macros infects a template, which is then read when opening other documents and infects those also, Schouwenberg said. The Stardust virus is contained in a StarOffice document that uses macros and then infects a global template.
If a user opens a document infected with Stardust, every StarOffice text document, with a .sxw extension, or document template, with a .stw extension, will be infected, Schouwenberg said.
When one of those documents is launched, it opens an adult image hosted on a tripod.com server, a website-hosting service from Lycos.
So far, the bug does not pose a risk since it remains a proof-of-concept virus, a term meaning the virus was written to prove it could be done, but is not yet being used maliciously.
"We’re not hyping it," Schouwenberg said. "The world is not coming to an end. It's just a POC (proof-of-concept)."
But with a little tweaking, Schouwenberg said the code, which uses an old API (application programming interface), could be modified to affect OpenOffice 2.0, an open-source suite.