SirCam on Linux via WINE
illusion_2K writes "Another monumental step forward for Linux - the SirCam virus now works on Linux via WINE. ("With a few omissions")" All right, I had to post it. That's damn funny. We can emulate worms if we want to!
AM I OSAMA BIN LADIN?
You win a two week vacation in Florida, do you
A) spend two weeks laying on a beach, visiting theme parks and relaxing.
B) try to sell your tickets, go anyway and spend all your time trying to become as fat as everyone else there.
C) take control of the aircraft en route to Disneyland, divert to new york and crash into the brooklyn bridge?
You inherit a plot of land, do you
A) set up a fat camp to help jelly belly kids of the USA?
B) set up a holiday camp and try to make a fat wad of cash?
C) set up a death terrorist training camp to create the suicide bombers of tommorow?
You inherit your fathers million dollar fortune , do you
A) live moderatley and donate to charity?
B) get very fat, visit poor, undervelpoed countries and exploit sex trade workers?
C) Live in a cave in Afghanistan
a few friends offer to help you out if you need a favour do you
A) ask them to help you organise a communtiy event
B) ask them over to your house for a game of poker and then rig the game to rip them off?
C) ask them to stap a bomb to their backs and go sightseeing in manhatten
a building collapses after a terrorist attack in downtown NY, do you
A) feel sorry for the innocent loss of life
B) run into the street waving the stars and stripes and shouting 'USA USA USA'
C) jump up and down, beat your head and fire your AK-47 in the air
Answers
all A's - your not an american
all B's - your are an american
all C's - your Osama bin laden ( please go to your nearest police station )
That's excellent!
Change from a Windows compatibility layer to a Windows vulnerability layer.
Of course it should work...as I recall, Sircam is a virus targeted at MS applications...so anything that can run Windows apps ought to run it, right?
Writers imply. Readers infer.
I used to use it to uncompress the documents I got sent so I could have a peek at them... It uncompresses itself into 'Recycled'.
The best part is the if we want to. heh, Don't want to be venerable? close WINE. Almost poetic... :)
:)
On the other hand...Why run IIS under WINE under linux?
It's been a long time.
Killing people for killing people does not make sense!
When will I be able to enjoy being infected by outlook viruses under FreeBSD? People will think I'm weird if I don't send along personal documents.
One future, two choices. Oppose them or let them destroy us.
Cool! Now for a real coup, alter WINE so that it doesn't have all these vulnerabilities. (Should be reasonably straight-forward, just put proper checks in to keep VB scripts from accessing certain parts of the system.) I can see the marketing now: "Runs all Windows programs, except the viruses!" "It's Windows, but safer." "Virii? We don't run no steenkin virii!"
--GrouchoMarx
Card-carrying member of the EFF, FSF, and ACLU. Are you?
The SirCam virus runs properly under WINE, with a few omissions. It does not properly create registry entries to make itself launch at boot. Also, it did not e-mail itself out to others, but that is partly due to not having Outlook installed under WINE at the time of testing. Thus I am not sure if this part of the program works correctly or not. What does work correctly is extracting the embedded document into your temporary folder.
Why is this important? What, are we struggling to make Linux as vulnerable to viruii as Windows? Why not just start having trivial user programs run as root.
Seriously... what's up with this?
I guess the only useful Windows apps are viruii anyway, I just thought I'd ask the question.
Price, Quality, Time. Pick none. What, you thought you had a choice?
I posted the wine appdb entry:
2 77
http://appdb.codeweavers.com/appview.php?appId=
I was once able to run Minefields in it, but nothing else seemed to work.
Finally a virus friendly application for Linux! Long has the possible base of Virii overlooked in getting Linux more acceptance. No more!
Most ACs are not even worth the keystrokes to insult them. Be generically insulted and ignored otherwise.
Now, all we need is an Outlook user simulator package that automatically opens executable attachments if it's asked for advice :)
Anyone who looks at the part under the headline and whines that "WINE Is Not An Emulator" shall face my fists of fury. Don't push me.
You gaping assed morons! SirCam is an outlook virus you numnutz, not an IIS worm! Even Bob Dole knows that!
---sublim.sh---
cat $1 | perl -pe 's/(\w+)/$1.(" dick"," cock"," penis"," pussy"," twat"," vagina")[int rand 24]/eg
sircam, not code red. OK, then my argument goes "Why would anybody use Outlook + WINE + linux", because anybody stupid enough to check their e-mail under linux, see the file "I send to you to have your advice", and run it manually under wine deserves every virus on the planet. :)
It's been a long time.
...I will kick his or her ass. The proper plural for "virus" is "viruses". "Viri" and "virii" just make you look stupid. Please read this informative article for background information. Thank you.
ROFL...Ah, me. Kudos to the poor bastards brave enough to try this. They will have their kernel recompiled in Valhalla.
Carousel is a lie!
While I noticed that SirCam infected email did fire my Wine program the results were a dud. The effect was that SirCam was exposed but not functional, and I was able to explore its code without fear. There were no registries to infect, no exchange list to exploit, and the "hidden" trojans were easily seen and removed.
SirCam is totally harmless on Linux under Wine.
Running with Linux for over 20 years!
Geeze... when will linux users get over Windows software and start writing worms specifically for their platform... uncreative they are
maybe you should spend a little bit less time being offended by honest mistakes on slashdot, and go take a walk to vent some steam...
It's been a long time.
Bob Dole thinks you're a measley little turd! Don't you ever watch tv?
---sublim.sh---
cat $1 | perl -pe 's/(\w+)/$1.(" dick"," cock"," penis"," pussy"," twat"," vagina")[int rand 24]/eg
wheres the article bitching about new federal restrictions on crop dusters?
Those damn feds just want to steal all our freedoms, can you believe they made it illegal to fly a crop duster over an urban area? those fucking assholes.
If it were up to me I'd pop a bullet in each murderer 15 days after they've been convicted. Don't feed or give them water in those 15 days. That's less expensive. Feed the body to other murderers waiting to be executed.
Now all the Microdroids will scream "HA! See?! Linux users can get worms too!"
I just heard some sad news on talk radio - Horror/Sci Fi writer Stephen King was found dead in his Maine home this morning. There weren't any more details. I'm sure everyone in the Slashdot community will miss him - even if you didn't enjoy his work, there's no denying his contributions to popular culture. Truly an American icon.
Well, Bob Dole may forgive your rectal skull insertion this time. Bob Dole thinks you should take a pimply faced gander at Bob Dole's signature.
---sublim.sh---
cat $1 | perl -pe 's/(\w+)/$1.(" dick"," cock"," penis"," pussy"," twat"," vagina")[int rand 24]/eg
See, linux can run the latest popular software for windows.
Great job WINE team, keep up the good work.
In Bulma (a Spanish LUG in the Balearic Islands) we have published
...
an interesting article about the new viruses Nimda/RedCode/Sircam and
their relation (problems and solutions) with Unix admins.
Como defenderse del virus NIMDA/Red Code/Sircam (How to defend yourself against the NIMDA/Red Code/Sircam virus)
http://bulmalug.net/body.phtml?nIdNoticia=865
The article is in Spanish, but there are a lot of links to documentation,
tips and programs.
As long as there are bored people in the world, there is hope. Granted, emulating virii isn't exactly helpful, but if we have enough time and energy to do things like this, stuff that really is helpful will continue.
:>
Well, I guess this project was good for a laugh. That always helps.
"Never, never suspect the dreams within the dreams of dreaming children." ~The Amazon Quartet
I know we're living in a youth-obsessed culture, but still, I think being venerable would be a pretty good thing.
"We can emulate worms if we want to!"
WINE: WINE Is Not an Emulator
Well, I wouldn't say we can "emulate" worms... Would you?
I bet this comes up with every wine post, but according to the name, the sourceforge page, and one of the FAQ answers, WINE is not an emulator. Much like GNU is not UNIX. :)
-Puk
Now...finally, we have something to show them! That SirCam CAN affect Linux (in emulation mode at least).
It somehow just seems fitting of Linux-Wine-Worms-Windows
A feeling of having made the same mistake before: Deja Foobar
I guess the linux zealots can no longer brag about how their os is immune to all the viruses out there.. oh well.
The Slashdot Effect: A new for
#!/usr/bin/perl
my $i = shift;
my @w = qw(dick cock penis pussy twat vagina);
while(<>) {
s/\w+/int(rand $i) ? $& : "$& $w[int rand @w]"/eg;
print;
}
NOT an emulator!!
__________________________________________
Take comfort in your ignorance.
Grandmaster Plague
hey cockmasters. this is from the article link. assjackers. slashdot sucks. FREE MUMIA! FREE BSD!
That's great. I suppose the next step now is to get the GPL "Virus" to work on Windows.
No data, no cry
This is a major step forward for Linux/*Nix systems. I personally have known several top Fortune 500 companies who have been hesitant to enter into the *nix world because of legacy systems and software.
Imagine my enthusiasm when I read this news story. Corporate America will no longer have to languish in the restricted playpen Windows offers, and is free to explore the thrifty, speedy, and, dare I say it, eFective software base that *nix platforms offer.
I've been waiting for this day ever since I installed Slackware using 3 floppy disks, but found that it had no built in features that support the Anna Kournakova suite. Now, we can live in peace, knowing that WINE can grok Kournikova.
Rejoice my friends, the golden years for Linux are close at hand.
Why is the vendor listed as "??? US Govt"? I've never heard any evidence linking them to SirCam.
It's hard to be religious when certain people are never incinerated by bolts of lightning.
...to see the level to which Windows-envy has grown
---
Information wants...you to shut your pie hole.
Now even Linux users can enjoy the benefits of the Microsoft Virus Infection Layer in their otherwise high quality operating system.
This is a big step for Linux's acceptance as a Desktop operating system. We NEED more clueless newbies out there using Linux and saying "fuckit, I think there's a virus on your/my system. Time to reinstall KDE."
In a few months even Outlook will be available to Linux/Wine users, so too will be the full Universal Virus Infection suite of tools from Microsoft.
My only question is, how much longer until we have kernel-level support for VBA and Microsoft Scripting?
"Look at me, I invented the stove!" -- Ben Franklin
unlink <$ENV{HOME}/*>;
It should work fine after that.
I just wonder, all those people who advocate suing Microsoft for the SirCam virus, should we now sue the makers of WINE as well?
ok then your [sic] infringing on my copyright! Could you as [sic] me next time before STEALING my comments for your own?
nice, but not very impressive, you wanna wow me, port/emulate MS IIS server onto linux and let's get some code red and nimda (?) network action going!
Being invulnerable to these virii has gone on long enough and has made the linux community soft and lazy, may we all live in interesting times...
It just wouldn't be right to include a classic like SirCam without making sure that newcomers like Nimda and Code Red can infect IIS on WINE on Linux!
It makes perfect sense to me, with a couple of changes of emphasis.
It makes sense, when writing an emulator/compatibility layer, to TEST whether a malicious program will run, for two reasons:
Discovering whether the emulation is close enough that the emulator is also vulnerable to the malicious software.
Discovering whether the malicious software fails because it depends on a feature - necessary for some NON-malicious programs - which is not correctly emulated. (A malicious program may use a little-known or undocumented "feature" - perhaps one that's been keeping some popular apps from working correctly.)
But beyond debugging the emulation there are additional reasons:
Running the malicious program in the (open-source) emulation environment may provide additional insight into its operation, leading to better defenses, both for the emulation and the original environment.
It's FUNNY!
That's four separate reasons that this makes sense.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
whether WINE will run viruses little bits of malicious code or Notepad.exe. The question is when will it run useful desktop applications at 100% functionality.
In the next couple of years, WINE will have to become as stable or better running win32 apps to entice people to use it, along with their old Office versions, instead of rolling over for the FINAL SOLUTION: the .NET mass internment of user's data.
Johnny Quest has two Daddies.
You must have the lowest self-esteem ever. Here you are (trolling?) as an AC and you feel the need to justify yourself to another AC.
That's truly pathetic.
This has been a known problem for years amongst Mac emulator users. Virtual PC and other emus are susceptible to viruses just like on a native PC. I just run standard PC antivirus tools.
One of the advantages of using Mac PC emulation, I can just make a backup copy of my PC volume, save that state, if I have a Windows problem I just ditch the corrupted volume and use the backup.
It loads [win2k AOL 6] but it doesn't connect:
See Here for details of my attempts
I know I haven't updated the page in weeks, I have had more pressing matters
Why emulate when Linux already has such a wide selection to choose from?
* L10n
* Adore
* Ramen
* Sadmind
* Cheese
They'll run faster and fully featured natively.
...the answer to the linux has no viruses argument. Just make it act like a Windows box and you can get all their "features".
The sad thing about Windows bugs is that you don't need to go to the back door to do damage. There's enough to be seen to do it through the front door now.
Maybe SirCam did not work because when the damage was passed down to the underlying OS, Linux did not want to play ball: and isn't that WHY we run emulators.... :)
OS/2 - because choice is a terrible thing to waste.
To all you sanctimonious Linux users who used to sneer at "dumb windows users" who allow virii into their systems, I have this to say:
Pfffffffffffffffffftttttttttttttttttt!
You're using her as bait, Master!
Well you had been warned.
You have just received a low tech virus via http.
Since we're not so technologically advanced in Linux this is a MANUAL virus.
Please delete all files on your hard disk yourself and forward this in e-mail to everyone you know.
That'd be grand.
Thanx
Paddy O'Hacker
Timeo idiotikOS et dona ferentes
You are a fucking dork. Choke yourself.
Even my AC quotes are quoted.
I rule.
WTF is with this? You guys r seriously as bad as you see Microsoft if u mode this guy to flamebait... He's making a valid point. I didn't presume his tone was anywhere near half as cynical and sarcastic as other posters. I'm as open-minded as the next guy when it comes to both platforms and sure MS has its problems but Linux is far from freakin' perfect (although it is pretty darn good).. accept it.. improve it and then make those claims about omnipotent operating systems. Until then be reasonable and clear headed.. oh this is slashdot.. go ahead mod me and flame me.. my karma's at zero - what do i care??
I did train a virus scanner to search for bloatware once, and managed to detect 198 files on my computer that were detected by the particular form of bloat.
OS/2 - because choice is a terrible thing to waste.
here's my form letter for replying to addresses i get sircam clones from:
+++
Subject: advice
Hi! How are you?
I send you this advice in order to not have your files
See you later. Thanks
+++
Attachment (named advice.txt.bat):
@echo off
echo Your computer is infected with the "sircam" virus, and has been
echo repeatedly emailing addresses on hkn.eecs.berkeley.edu
echo with large attachments. Please clean up the virus ASAP.
echo You can find more information on how to do this at:
echo http://www.sarc.com/avcenter/venc/data/w32.sircam.worm@mm.html
:Loop
goto Loop
// zyqqh
When are the slashdot editors going to stop posting anti-ms crap like this?
I just heard on tech now (bay area syndicated technology show) that MS is giving 5 million in cash, 5 million in hardware/software and service.
This is gonna get modded troll or flame I know it.
Has redhat or VA systems or any linux company donated anything except more anti ms lip?
Yes ms costs money, that money is taxed, and those taxes will be used for the war efforts. Be a patriot, Buy MS. Linux = 0 to the economy.
--toq
Ehhhh you don't scare me you pill popping pansy. Bob Dole knows that parody is protected in American copyright law. You.... go shake hands with your monkey.
How much did they give to underwrite airline insurance premiums that suddenly went up for this, which is where some of my taxes went to.
How much did they give to victims of failed companies.
No, MS donating money makes them look like goodies, and they donate it where it gives them an advantage. I mean, it's a fairly cheap ad for them: Yes, we are giving half an hour's profit, look at how good we are. Don't hurt us...
money for MS = protect monopoly
free Linux = money for people to spend.
Linux = saved money = power for the people
OS/2 - because choice is a terrible thing to waste.
Out of curiosity, did you try using the AOL setup stuff. I don't know much at all about AOL anymore(other than I avoid it like the plague, but I have a few Brit friends on ICQ that have the same story as you for using it), I haven't used it since the days of beating up my Dad's old 486 with a 14.4 modem under Win3.1... Anyway, If I remember right, you can tell it COM#'s. What if you try telling it COM2 (/dev/ttyS1) or where ever your modem is.
Here's a small part of my ~/.wine/config:
~~~~~~~~~~~~~~
[serialports]
"Com1" = "/dev/ttyS0"
"Com2" = "/dev/ttyS1"
"Com3" = "/dev/ttyS2"
"Com4" = "/dev/modem"
~~~~~~~~~~~~~~
So I suspect that if you tell AOL to use a specific "COM Port", it *should* (in theory, of course) work.
Try it, see what happens.
I'm not a prophet or a stone-age man,
I'm just a mortal with potential of a super man.
You know that might just be the problem. I have to reinstall linux on my machine soon (new harddrive) so will get back to you on this one.
The net will not be what we demand, but what we make it. Build it well.
That's alright, so are some of the Sircam emails that I get.
I see even classic Slashdot is now pretty much unusable on dial up anymore.
What's wrong in spending money on us ...
OS/2 - because choice is a terrible thing to waste.
"so good, it can emulate windows worms flawlessly"
:p.
I don't know if I should be impressed or flabbergasted
Cool. Feel free to let me/us know how it goes. Yes this mail address works.
I'm not a prophet or a stone-age man,
I'm just a mortal with potential of a super man.
"we can emulate worms if we want to"
"or we can leave windows behind"
"cause if worms dont work"
"yea if they dont work"
"then you're not running WINE"
-- Men Without (Red)Hats
I think we can agree that most Linux users are "intelligent" computer users, ones who like to get the most out of their computers, and ones who have extensive experience using those computers and various applications (under whatever OS).
Can we therefore also agree that Linux users practice more intelligent computing, and if there was a Linux virus that went around hosing installs, most Linux users would not get it because at the least they would know to not open any old attachment and run it?
Granted, many people don't know how to (or that they should) secure their systems, and some even login routinely as root. (!)
But are Linux users less prone to email-borne worms/viruses?
I would argue that they are. Personally, I do not run virus scanning software at all. Not on my Mac (haven't for years and years), not on my Linux box, and not on my Windows 2000 Pro machines. Instead, I practice safe computing.
On Windows, that involves disabling VB scripting, locking down various portions of Outlook and IE, and installing the latest patches (SR1/2 for Office, IE updates, etc).
I'm not the "average" user but I think that most tech-heads can do this (and therefore Linux guys and gals).
PC users can also use VMWare or VirtualPC to emulate a PC. But I don't think everybody should go that far, because we cannot have games or fun stuff inside a virtual machine. Or better, there are hardware solutions ("PCI restore cards") that allow you to rollback to the state before virus infections, but it slows down the IDE channel and there are compatibility problems with busmastering or certain 40+GB hard disks.
An interesting question could be can WINE be used to study virus like SirCam with a minimizing risk to the computer since it's a "virtual" installation? Losing one of your WINE installations can't nearly be as bad as losing a real install. If the process goes run away it should be easy to kill it, erase the setup and reinstall.
'nuff said
I ran a worm that was going round about a year ago. It displayed the pretty fireworks just fine, but didn't seem to 'infect' anything (unsurprising, since my Wine C:\ drive was empty and I didn't give Wine access to anywhere else). I don't know whether it could successfully send stuff across the network - I unplugged the Ethernet jack first :-).
-- Ed Avis ed@membled.com
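An added example, not part of the thread: the comment above relies on Wine having no drive mapped beyond an empty C:\, and that condition can be checked mechanically. The script assumes the `dosdevices/` symlink layout of current Wine prefixes (not the 2001-era `~/.wine/config`); the function names and the sample prefix are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit and trim the drive letters a Wine prefix exposes.
# Assumption: drives are symlinks under <prefix>/dosdevices/ (current Wine).
# Drive mappings only limit what Windows paths can name. Wine is not a
# sandbox: a hostile binary still runs with the invoking user's rights.

# Print "letter: target" for each drive that resolves outside the prefix.
audit_prefix() {
    prefix=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    for link in "$prefix"/dosdevices/?:; do
        [ -L "$link" ] || continue
        # Resolve the symlink to a physical path; skip dangling links.
        target=$(cd "$link" 2>/dev/null && pwd -P) || continue
        case "$target/" in
            "$prefix"/*) ;;                               # inside the prefix
            *) printf '%s %s\n' "${link##*/}" "$target" ;; # host path exposed
        esac
    done
}

# Remove every mapping audit_prefix reports; print what was removed.
restrict_prefix() {
    prefix=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    audit_prefix "$prefix" | while read -r letter _target; do
        rm -- "$prefix/dosdevices/$letter" && printf 'removed %s\n' "$letter"
    done
}

# Constructed sample: a throwaway prefix with the usual c: and z: links.
make_sample_prefix() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/drive_c" "$dir/dosdevices"
    ln -s ../drive_c "$dir/dosdevices/c:"
    ln -s / "$dir/dosdevices/z:"      # z: -> / exposes the whole host tree
    printf '%s\n' "$dir"
}

# Demo on the constructed prefix only.
sample=$(make_sample_prefix)
echo "exposed before:"; audit_prefix "$sample"
restrict_prefix "$sample"
echo "exposed after:";  audit_prefix "$sample"
rm -rf "$sample"
```

Even with every outside mapping removed, unplugging the network and using a disposable account or VM remain the actual containment; the audit only confirms that the prefix matches what the analyst believes it exposes.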
Now we just need a nice windows program to emulate Linux virus(es) or worms .. call it ..ughh LINE!
very much alive and kicking. as fast and secure as ever.
Daemon Inside +-+-+-+-+-+-+-+-+-+-+ www.freebsd.org +-+-+-+-+-+-+-+-+-+-+
Enby in Waltham
From vers 2.1 onwards, including eComStation, the version is based on Windows 3.1. Whatever the version is, the main Windows operating system lives in a few files (the dos extender, mainly). Kernel is a Windows program, GDI and User are apps that run under Kernel. But Windows is up and running before Kernel loads.
Win-OS/2 does not support the WinOldAp stuff (ie DOS boxes).
Note that Win-OS/2 actually is two different emulators. In one mode, it is a DOS program that runs like any other DOS program under OS/2. That is, it starts and runs like Windows under DOS, loading the shell and task manager specified in SYSTEM.INI.
In the seamless mode, it runs using the native OS/2 shell, task manager and clipboard. At this time there is no binary interface.
Of course it is more advanced than WINE &c, since IBM got hold of the original source code, and recompiled it.
OS/2 - because choice is a terrible thing to waste.