Slashdot Mirror
SirCam on Linux via WINE
illusion_2K writes "Another monumental step forward for Linux - the SirCam virus now works on Linux via WINE. ("With a few ommissions")" Allright I had to post it. Thats damn funny. We can emulate worms if we want to!
It makes perfect sense to me, with a couple of changes of emphasis.
It makes sense, when writing an emulator/compatability layer, to TEST whether a malicious program will run, for two reasons:
Discovering whether the emulation is close enough that the emulator is also vulnerable to the malicious software.
Discovering whether the malicious software fails because it depends on a feature - necessary for some NON-malicious programs - which is not correctly emulated. (A malicious program may use a little-known or undocumented "feature" - perhaps one that's been keeping some popular apps from working correctly.)
But beyond debugging the emulation there are additional reasons:
Running the malicious program in the (open-source) emulation environment may provide additional insight into its operation, leading to better defenses, both for the emulation and the original environment.
It's FUNNY!
That's four separate reasons that this makes sense.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
here's my form letter for replying to addresses i get sircam clones from:
. worm@mm.html
+++
Subject: advice
Hi! How are you?
I send you this advice in order to not have your files
See you later. Thanks
+++
Attachment (named advice.txt.bat):
@echo off
echo Your computer is infected with the "sircam" virus, and has been
echo repeatedly emailing addresses on hkn.eecs.berkeley.edu
echo with large attachments. Please clean up the virus ASAP.
echo You can find more information on how to do this at:
echo http://www.sarc.com/avcenter/venc/data/w32.sircam
:Loop
goto Loop
// zyqqh