Running Windows Viruses Under Linux
ResQuad writes "Everyone loves Windows viruses, right? Well, the crazy people over at NewsForge (owned by the same people that own Slashdot) decided to try running Windows viruses with Wine. So next time you receive an email virus, strike up Wine and see what you can do (or not)."
Mod parent up and insightful
When a zip file on Linux is not a zip file, you get an error.
When a zip file on Windows is not a zip file, you get some system enhancements you may not have wished for (or would even wish on your worst enemy).
Linux kernel now supports foreign binaries. IIRC, some patches are available to enable support for PE binaries (Windows native binaries). If dependencies are kept low, with some clever programming, virii that run on multiple platforms are possible without something like wine or java.
There's no need for social engineering. I remember on Red Hat 7.3, Windows .exe files were automatically launched with Wine under Gnome. Which meant that attachment viruses could be run from Evolution by clicking on the attachment.
I never tested to see if they worked, but then I never really wanted to find out!
Somebody already did that. I am pretty sure it was mentioned here on slashdot. Anyway here is the URL:
http://librenix.com/?inode=5508
Basically a guy wants to see what will do the most damage --
rm -rf
or
format c:\
From the article:
Oh sure, I could manually forward these viruses to the folks in my address book, but where's the fun in that?
This reminds me of the old standby text-based, system agnostic viruses, some of which can be seen here.
That green slime had it coming.
Though it's good to know that WINE will do what it's supposed to do--execute code written for Windows, it's kinda silly to think it wouldn't.
Most of the viruses did not work as expected.
No matter how much you think it is, it's not.
Indeed, VMWare is great for testing out dangerous ideas. Just save a snapshot, then hose the system, then revert back to the original to start over. This came in real handy a few weeks ago when I was experimenting with shrinking and moving reiser root partitions (turns out it's not trivial to move the START of a reiser partition if you, for example, wanted to remove a Windows partition that came before it).
Wine emulates the Win32 API, if anything
Wine does not emulate a processor, video, or sound subsystem, but rather 'wraps' the necessary calls (in theory) to native Linux calls. It requires an x86 CPU (for which an x86 emulator could be used, I suppose, but it's still not part of Wine).
And in the situations where real Win32 DLLs are used, it's not even emulating that part of the API.
It might be considered a simulator, but I doubt it would be considered an emulator.
Wine isn't an emulator. It's a reimplementation of the win32 api. This is not a hard concept.
Virus is a Latin noun. Now, normally, Latin nouns that end in -us, like virus, decline into the plural by removing the -us and tacking on -i. This would render the word as Viri, not Virii. However, in Latin, virus does not decline -- whether singular, plural, direct object, ablative, accusative, it's always virus. Much like the Latin word 'nihil,' which translates as 'nothing.'
Right on the linked page:
I'm betting most of those Linux results were from hoaxes or proof of concept viruses. (Or trojans and worms, which are not viruses, although I suspect that McAfee lumps them together.)
Could you possibly talk more of these "sikrit APIs"? What Microsoft products use them? Where are they located? You DO realise that the _ENTIRE_ Windows source code is available to akademia as well as government entities?
Looks like that's it...
Then it is obvious that you don't know what an emulator is.
WINE is an implementation of the win32 api on linux, such that windows applications will run on it without recompiling. An application running on WINE isn't encapsulated in a "safe" emulated environment much like vmware would do, it's running in your system just like any other app you're running.
When a zip file on Windows is not a zip file, you get some system enhancements you may not have wished for (or would even wish on your worst enemy).
Uhhh... no. File associations are based on extensions. It's probable that you've forgotten to turn off the Explorer "feature" of hiding extensions for known filetypes. This way, you get sexygirls.jpg.exe which appears as sexygirls.jpg, or xxx.zip.scr which appears as xxx.zip. Most people are ignorant enough to leave that "feature" enabled as per Microsoft's negligent default; furthermore, most users who are pseudo-capable with computers will click on it with the flawed reasoning that, "Well, it's a JPEG, so it can't be a virus".
Furthermore, years ago I ranted on my website that it was *very* possible to run Windows e-mail viruses, etc. under Wine. So easy that, with Red Hat 7.2's default associations which launch Wine to run DOS/Windows apps, I accidentally infected my Wine directory while demonstrating Linux freedom from virii... "Moving right along, you can see how well Linux can emulate Windows well enough to run many programs..."
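The double-extension trick described above (sexygirls.jpg.exe shown as sexygirls.jpg when Explorer hides known extensions) is easy to screen for on the receiving side. This is an added example, not code from the thread or from any product; the extension lists are illustrative assumptions.

```python
"""Flag attachment names that rely on Explorer's 'hide extensions for known
file types' setting to look like harmless data files (added example)."""
import os

# Extensions Windows treats as directly executable (illustrative subset, assumed).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
# Extensions a user reads as "just data" when they appear to be the last one (assumed).
DATA_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".zip", ".pdf", ".doc", ".txt"}


def displayed_name(filename: str) -> str:
    """Name as Explorer shows it with known extensions hidden: the final
    extension is dropped, so 'sexygirls.jpg.exe' is shown as 'sexygirls.jpg'."""
    stem, ext = os.path.splitext(filename)
    return stem if ext else filename


def is_disguised_executable(filename: str) -> bool:
    """True when the real (last) extension is executable but the name the
    user sees ends in an extension they would take for a data file."""
    real_ext = os.path.splitext(filename)[1].lower()
    if real_ext not in EXECUTABLE_EXTS:
        return False
    shown_ext = os.path.splitext(displayed_name(filename))[1].lower()
    return shown_ext in DATA_EXTS


def triage(attachments):
    """Return (real name, displayed name) for every disguised attachment."""
    return [(f, displayed_name(f)) for f in attachments if is_disguised_executable(f)]


# Constructed sample attachment names, including the two quoted in the thread.
SAMPLE = ["sexygirls.jpg.exe", "xxx.zip.SCR", "report.pdf", "setup.exe", "notes.txt"]

if __name__ == "__main__":
    for real, shown in triage(SAMPLE):
        print(f"{shown!r} is really {real!r}")
```

A plain `setup.exe` is not flagged: the check targets only names whose visible form misrepresents the file type, not executables as such.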