Slashdot Mirror

← Back to Stories (view on slashdot.org)

Running Windows Viruses Under Linux

Posted by timothy on from the under-is-the-right-preposition dept.

ResQuad writes "Everyone loves Windows viruses, right? Well, the crazy people over at NewsForge (owned by the same people that own Slashdot) decided to try running Windows viruses with Wine. So next time you receive an email virus, strike up Wine and see what you can do (or not)."

14 of 361 comments (clear)

  1. That's awhole lot of differences by Dark+Coder · · Score: 5, Interesting

    True AV and AT (anti-trojan) SW engineers uses VMWARE for their studies and dissemination of malacious flotsam of codes floating around the internet.

    But the article is "A Good Thing" because it shows EITHER that Wine isn't 100% Microcrap or is more robust against viruses.

    Take your pick.

  2. Done it. It works. Kinda. by Frater+219 · · Score: 5, Interesting
    This past December, one of the engineers at my workplace gave a presentation on WINE. Since I'm the security guy, somone asked me if Windows viruses ran under WINE. So I tried three: Lovgate, a Mydoom variant, and a Netsky variant.

    Lovgate simply exited without doing anything. Mydoom actually crashed WINE into its debugger. The Netsky variant, as the article describes (SomeFool is Netsky) actually ran. Moreover, it did a passel of DNS queries and actually tried to send e-mail (which was rejected). So, if that e-mail had been accepted, Netsky would have been able to propagate under WINE. As in the article, Ctrl-C proved necessary and effective.

    To make a long story short, yes, some Windows viruses do run under WINE. Of course, you have to tell WINE to run them -- not exactly the social engineering that viruses are intended to do. However, as WINE gets more popular and reliable, I would expect that this will be more of a problem for people who choose to (e.g.) run Outlook in WINE.

    (For what it's worth, WINE isn't the only way to run Windows viruses and worms on your non-Windows system. I've had to explain to users that yes, their VMware or Virtual PC system is quite capable of getting wormed, and that yes, they did need to do their Windows Update on that "virtual" Windows system, too.)

    1. Re:Done it. It works. Kinda. by einhverfr · · Score: 2, Interesting

      Of course, you have to tell WINE to run them -- not exactly the social engineering that viruses are intended to do.

      You can tell Mozilla to open .exe's with Wine ;-). Maybe you can add the same mime-types to Gnome and/or KDE!

      --

      LedgerSMB: Open source Accounting/ERP
    2. Re:Done it. It works. Kinda. by kevcol · · Score: 4, Interesting

      Not 'kinda' here.

      Propogated.

      I executed a viral attachment once about 4 months ago, and then forgot about it ("Haha! That can't possibly work."). A couple hours later, my 'abuse' address had a complaint. Source IP was my SuSE workstation. Thunderbird even deep-sixed a spam that was sent by my own machine to me. D'oh!

  3. Re:Wine is not an Emulator. by m50d · · Score: 2, Interesting

    Or it could just be an emulator that doesn't work very well. If you try an early version of bochs/vmware/etc. from before they had networking support, the viruses won't be able to own that either.

    --
    I am trolling
  4. Re:Native ports now! by morcheeba · · Score: 4, Interesting

    I used to work for a 5-person company. We easily ported our main ap to linux, but a critical tool we used to build our code was developed for windows. It was gui-centric, so a port would be difficult, and besides, all the programmers were algorithm people, not gui people. Wine was a godsend - our old tool just worked, and it saved us a lot of time. Boycotting ourselves wouldn't have gotten us the needed people to port it.

    --
    HIV Crosses Species Barrier... into Muppets
  5. Secret APIs by hey · · Score: 2, Interesting

    Running Microsoft programs is the hardest for Wine because they use secret function calls. The Virus writers (presumably) aren't insiders so don't know about the secret APIs. Should be easy for Wine.

    1. Re:Secret APIs by TekPolitik · · Score: 3, Interesting
      Running Microsoft programs is the hardest for Wine because they use secret function calls

      Current CVS versions of Wine can install and run the major MS applications, including MS office and Internet Explorer. Why would you do such a thing, I hear you ask? Because users still use Windows and as developers we still have to write code that interfaces with those applications. Absent that, OpenOffice and Konqueror or Mozilla work perfectly well.

  6. Been there, done that '99 by wertarbyte · · Score: 2, Interesting

    Right before Y2K, there was a worm/virus/whatever called Happy99.exe. If you secured your wine installation prior execution, you could watch the pretty fireworks it produced without harming your installation.

    --
    Life is just nature's way of keeping meat fresh.
  7. Wine devs test for this by bluGill · · Score: 5, Interesting

    At the last WineConf (almost exactly one year ago) some of the Wine developers were testing the hot mail virus of the day to make sure it ran. That was the one that activated as a DDoS on www.sco.com. It ran, and after putting making www.sco.com resolve to 127.0.0.1 in /etc/hosts it attempted to take down the local machine.

    We also found the back door, and came close to getting arbitrary programs to run from it, but supper came before we got that part working. We think it would have worked if a free meal hadn't gotten in the way.

    So now you know. If a windows virus doesn't run under wine you can thank CodeWeavers for buying everyone a meal before we got it implimented.

  8. The Sound of One Hand Clapping by 4of12 · · Score: 4, Interesting

    So, if WINE fails to properly run a Windows virus under Linux, is it considered a bug or a feature?

    --
    "Provided by the management for your protection."
    1. Re:The Sound of One Hand Clapping by XO · · Score: 2, Interesting

      My roommate's laptop had only previously ever been connected to an Internet via either the NAT/firewall box on our home network, or via her work network.

      She got an AT&T Wireless Air-card type thing, and almost immediatly upon logging into it, her computer started counting down the seconds to rebooting. Don't remember what virus that was, but it's STILL going around like a year or two later. And it is infecting virtually ANYTHING that connects to the Internet if it's vulnerable. Also picked up several others that had never touched her laptop before that within hours of being connected without a NAT/firewall in the way.

      --
      "Champagne for my real friends - and real pain for my sham friends!" http://ericblade.postalboard.com/
    2. Re:The Sound of One Hand Clapping by /dev/trash · · Score: 2, Interesting

      a bug. WINE is supposed to do exactly what Windows would.

  9. Re:Wine is not an Emulator. by hunterx11 · · Score: 2, Interesting

    This isn't an English class, it's Slashdot. Slang exists. Deal with it. I don't say "alright" but I've come to terms with the fact that it will inevitably become an accepted word.

    --
    English is easier said than done.