Have the scammers now targeted Libre Office?

Some time back I was playing with ClamTK just because. It’s always nice to do a sweep every so often. I even enabled the PUA (Potentially Unwanted Application) search feature. This really is the wild wild west of virus scanning on Linux.

It identified PUA.Win.Tool.Hacktool-1840 in a document file which I hadn’t worked on in a long time. It was the document file I was editing for the “Twenty of Two” post series on here. I experimented with quite a few exports.

soffice --headless --convert-to docx twenty_of_two.odt
soffice --headless --convert-to rtf twenty_of_two.odt
soffice --headless --convert-to txt twenty_of_two.odt
soffice --headless --convert-to wps twenty_of_two.odt
soffice --headless --convert-to pdf twenty_of_two.odt
soffice --headless --convert-to wpd twenty_of_two.odt
soffice --headless --convert-to wri twenty_of_two.odt

In case your device doesn’t let you expand that image:

soffice --headless --convert-to txt twenty_of_two.odt
func=xmlSecCheckVersionExt:file=xmlsec.c:line=188:obj=unknown:subj=unknown:error=19:invalid version:mode=abi compatible;expected minor version=2;real minor version=2;expected subminor version=25;real subminor version=26
convert /media/roland/USB20FD/Twenty of Two/twenty_of_two.odt -> /media/roland/USB20FD/Twenty of Two/twenty_of_two.txt using filter : Text

 

Now the interesting thing was ClamTK identified the exact same PUA in ever converted/exported file, even the txt. Curiousser and Curiosser wouldn’t you agree?

A Web search lead me to this site which had little information. Since The is an unfinished book which had most of its initial content posted on this very blog, I tried uploading the txt version.

The screen has looked like that the entire half our I’ve been working on this. In short Lassie isn’t coming home. I closed the window. The C:\fakepath\ showing in the upload didn’t inspire confidence that developers of the site knew anything about software development. I’m running KDE Neon. There is no “C:\” concept on this machine. That only exists in viruses put out my Microsoft.

I did scroll through the file with JED without word wrap turned on just to see if anything jumped out at me. Nadda. Since I was interested in picking up the gauntlet of this title again, I flagged the odt file read only and opened it up in Libre Office then starting typing a shiny new version of this document in OnlyOffice.

Why? Well, I’ve written an earlier post about that. If you aren’t a writer, you won’t understand. True, I didn’t finish the story, but the early first draft of what I had was shit. It needed a lot of work. Now that I’ve gotten to the end of what was originally posted and have 30 more pages in the second version. The original document file even has 12 pages of content which was never posted and I haven’t rolled into this. As I said, it needed a lot of work, thus is the nature of first drafts.

Oh, the file. You should be able to download it by clicking that link. If not either leave a comment or send an email. I’m willing to pass along the txt to someone researching the virus or the bug.

I should also tell you that saving the document file again via the most updated Libre Office version for KDE Neon seems to remove whatever causes this problem.