Slashdot Mirror


Running Windows Viruses Under Linux

ResQuad writes "Everyone loves Windows viruses, right? Well, the crazy people over at NewsForge (owned by the same people that own Slashdot) decided to try running Windows viruses with Wine. So next time you receive an email virus, strike up Wine and see what you can do (or not)."

48 of 361 comments

  1. Obligatory by commodoresloat · · Score: 4, Funny

    Will this run on a Lexus?

    1. Re:Obligatory by greechneb · · Score: 5, Funny

      Don't give them any ideas. Next thing you know we'll see Norton antivirus:Auto 2005 - guaranteed to keep your system virus free AND improve your gas mileage!

    2. Re:Obligatory by lukewarmfusion · · Score: 5, Funny

      Along with my 3-month oil changes, six month tire rotations, and annual checkup, I need to buy a new LiveUpdate license so my car won't crash?

      To be fair, if I spent that much on a Lexus I should expect to see pictures of Anna Kournikova.

    3. Re:Obligatory by 3TimeLoser · · Score: 5, Funny

      For that amount of money, I'd expect to see her in the passenger seat.

      Although, I'm sure my wife would not agree.

    4. Re:Obligatory by Andrewkov · · Score: 3, Funny

      I'm already running Norton Anti-virus under Wine on Linux, no viruses found yet!! :-)

    5. Re:Obligatory by Illserve · · Score: 5, Funny

      I'm willing to bet that upon looking back, this statement is going to be much less funny in 10 years.

    6. Re:Obligatory by cerberusss · · Score: 3, Funny
      For that amount of money, I'd expect to see her in the passenger seat.

      For that amount of money, I'd expect her in the back seat. And while my girlfriend might not agree, she could certainly join.

      --
      8 of 13 people found this answer helpful. Did you?
  2. Wine is not an Emulator. by wot.narg · · Score: 5, Insightful

    Let's see just how non emulator wine is... If the virii own it, it's an emulator, if not, it's telling the truth.

    Bwhahahh...

    --
    Roses are red
    Violets are blue
    In Soviet Russia
    Poems write you!
    1. Re:Wine is not an Emulator. by Jarn_Firebrand · · Score: 4, Informative

      Mod parent up and insightful

    2. Re:Wine is not an Emulator. by Anonymous Coward · · Score: 5, Funny

      Mod parent up Informative. Mod this post Funny.

    3. Re:Wine is not an Emulator. by Lord+Kano · · Score: 4, Insightful

      You are correct.

      We have "bling bling" and "ain't" in dictionaries. Marijuana is legally classified as a "narcotic", when in pharmacology only opiates can be narcotics.

      The language changes. It may suck, but it's reality.

      LK

      --
      "Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
    4. Re:Wine is not an Emulator. by m50d · · Score: 4, Insightful

      Yeah, just like lame ain't an mp3 encoder. Names aren't always the full story. Wine definitely is an emulator in that it emulates, it just does it on a different level than most emulators, so it doesn't have many of their drawbacks, like the slowness.

      --
      I am trolling
    5. Re:Wine is not an Emulator. by dinivin · · Score: 4, Insightful

      Just because that's what the developers claim, it doesn't make it so.

      If it quacks like a duck, walks like a duck, and looks like a duck, it's gonna be a duck.

      Wine, acronym or not, is an emulator.

      Dinivin

    6. Re:Wine is not an Emulator. by Anonymous Coward · · Score: 3, Informative

      Wine emulates the Win32 API, if anything

      Wine does not emulate a processor, video, or sound subsystem, but rather 'wraps' the necessary calls (in theory) to native Linux calls. It requires an x86 CPU (for which an x86 emulator could be used, I suppose, but it's still not part of Wine).

      And in the situations where real Win32 DLLs are used, it's not even emulating that part of the API.

      It might be considered a simulator, but I doubt it would be considered an emulator.

    7. Re:Wine is not an Emulator. by LittleBigLui · · Score: 3, Funny
      there are math coprocessor emulators, OS emulators and copy-protection emulators.


      That statement is illegal under the DMCA. Prepare to be sued. And no, there aren't.

      Yours, the RIAA.
      --
      Free as in mason.
    8. Re:Wine is not an Emulator. by Alsee · · Score: 3, Funny

      Don't mod this post, nor any further replies.
      Which ironically is probably an insightful solution to this ridiculous runaway thread. Damn geek metahumor.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  3. Native ports now! by PCM2 · · Score: 5, Funny

    Oh my god, how many times do we have to say it? People, running Windows software under WINE is not a solution. I say all Slashdotters should boycott these software vendors until we get a serious commitment from them to do true, native Linux ports of their products.

    And for that matter, why aren't there open source alternatives to this software already? The open source community won't stay competitive by resting on its laurels.

    --
    Breakfast served all day!
    1. Re:Native ports now! by freshman_a · · Score: 5, Funny



      Yes, I demand that there be open source native Linux ports of all Windows viruses!

      </sarcasm>

    2. Re:Native ports now! by airConditionedGypsy · · Score: 4, Insightful
      Yes, it is a solution. Especially in situations where you have persuaded your friends and relatives to use Linux, but they still want to use some crappy Windows software because they are used to it, and there are no free/open-source ones.

      Furthermore, the 2% of Linux users don't really constitute a meaningful profit motive for these companies. We need to do more to get Linux on the desktop before they'll jump off the MS ship.

      --
      I bootleg Fizzy Lifting Drinks.
    3. Re:Native ports now! by morcheeba · · Score: 4, Interesting

      I used to work for a 5-person company. We easily ported our main app to linux, but a critical tool we used to build our code was developed for windows. It was gui-centric, so a port would be difficult, and besides, all the programmers were algorithm people, not gui people. Wine was a godsend - our old tool just worked, and it saved us a lot of time. Boycotting ourselves wouldn't have gotten us the needed people to port it.

    4. Re:Native ports now! by me+at+werk · · Score: 3, Insightful

      If we can prove that their programs can run well under linux with just a few tweaks in how it speaks to the system (WINE is a compatibility layer), and possibly even explain to the company how to change their software to speak correctly, it makes it take a lot less of their time to release a native linux version, as they already know how to do it.

      So if you help them help you, we've got native software on Linux. But, that's just my opinion.

      --
      For context, click Parent.
  4. Combatibility! Yes! by physicsphairy · · Score: 5, Funny
    The last barrier between widows and linux is slowly but surely being eroded by the WINE engineers.

    Brilliant work guys!

  5. Damn worm writers... by Anonymous Coward · · Score: 5, Funny

    Programmers these days, don't they even CARE about cross-platform compatibility!?

    1. Re:Damn worm writers... by einhverfr · · Score: 4, Insightful

      Programmers these days, don't they even CARE about cross-platform compatibility!?

      Right. At least the Morris Worm was distributed with the Source Code and was cross-platform. Go look for something like this today.

      --

      LedgerSMB: Open source Accounting/ERP
  6. That's a whole lot of differences by Dark+Coder · · Score: 5, Interesting

    True AV and AT (anti-trojan) SW engineers use VMWARE for their studies and dissemination of malicious flotsam of codes floating around the internet.

    But the article is "A Good Thing" because it shows EITHER that Wine isn't 100% Microcrap or is more robust against viruses.

    Take your pick.

  7. Re:His point? by kempokaraterulz · · Score: 4, Insightful

    The point being it's not a zip file to begin with. It's simply disguised as one.

    --
    I have accepted Provolone into my life!
  8. about time. I almost forgot what a virus was by locutus2k · · Score: 5, Funny

    It's nice to see someone finally exploited this long missing aspect of linux. What better way to make a windozer user feel more at home than with their old virus friends.

    Nice article, and congrats matt on your first article.

    -Craig

  9. Done it. It works. Kinda. by Frater+219 · · Score: 5, Interesting
    This past December, one of the engineers at my workplace gave a presentation on WINE. Since I'm the security guy, someone asked me if Windows viruses ran under WINE. So I tried three: Lovgate, a Mydoom variant, and a Netsky variant.

    Lovgate simply exited without doing anything. Mydoom actually crashed WINE into its debugger. The Netsky variant, as the article describes (SomeFool is Netsky) actually ran. Moreover, it did a passel of DNS queries and actually tried to send e-mail (which was rejected). So, if that e-mail had been accepted, Netsky would have been able to propagate under WINE. As in the article, Ctrl-C proved necessary and effective.

    To make a long story short, yes, some Windows viruses do run under WINE. Of course, you have to tell WINE to run them -- not exactly the social engineering that viruses are intended to do. However, as WINE gets more popular and reliable, I would expect that this will be more of a problem for people who choose to (e.g.) run Outlook in WINE.

    (For what it's worth, WINE isn't the only way to run Windows viruses and worms on your non-Windows system. I've had to explain to users that yes, their VMware or Virtual PC system is quite capable of getting wormed, and that yes, they did need to do their Windows Update on that "virtual" Windows system, too.)

    1. Re:Done it. It works. Kinda. by kevcol · · Score: 4, Interesting

      Not 'kinda' here.

      Propagated.

      I executed a viral attachment once about 4 months ago, and then forgot about it ("Haha! That can't possibly work."). A couple hours later, my 'abuse' address had a complaint. Source IP was my SuSE workstation. Thunderbird even deep-sixed a spam that was sent by my own machine to me. D'oh!

  10. Discussed in Ask Slashdot by gbulmash · · Score: 3, Informative
    Oddly enough, this was discussed in an Ask Slashdot in October 2003.

    - Greg

  11. What about spyware? by RikRat · · Score: 5, Funny

    I run Windows spyware under Wine. I also emulate IE6 so I can use CoolWebSearch and other cool searchbars! I have this cute Bonzi Buddy and a system tray icon which tells me the weather!

  12. How many times do I have to tell you k|dd|35... by gotgenes · · Score: 4, Funny

    ...to stop Wine-ing

    Geeze!

    --
    It's such a fine line between stupid and clever.
  13. No desire by Schezar · · Score: 4, Insightful

    It's simple. A lot of specialty software is very boring, and there just isn't any interest in the OSS community in developing similar software.

    Many businesses, especially real estate, banking, auto repair, fast food, and hotel management, rely on software written for windows many years ago that, for them, functions just fine.

    They're not techies: computers are not their business. Their business is their business. They're not going to invest resources in developing what they already have just so it can run on "another kind of computer." WINE is the perfect solution for these applications.

    Maybe, years from now, when they're running -ALL- of their software under WINE, they might realize that there's a better way.

    Until then, good luck finding good programmers who are psyched to write hotel reservation management software that will interface an archaic database platform for free.

    Projects like Open Office and The GIMP don't suffer from this problem largely because they're applications that Linux users need on a regular basis. When was the last time you needed to track your fast food orders?

    --
    GeekNights!
    Late Night Radio for Geeks!
  14. Yes, but by einhverfr · · Score: 4, Funny

    What would RMS say?

    Is that virus Free Software?

    --

    LedgerSMB: Open source Accounting/ERP
    1. Re:Yes, but by einhverfr · · Score: 5, Funny

      That's GNU/MyDoom

      Or maybe MyGNUUM?

      What is MyGNUUM? MyGNUUM is a port of the popular Windows mass-mailer "MyDoom." It is licensed under the GNU GPL, which some have criticized as a "viral" license.

      --

      LedgerSMB: Open source Accounting/ERP
  15. Because it didn't execute the not-zip file by SuperKendall · · Score: 4, Informative

    When a zip file on Linux is not a zip file, you get an error.

    When a zip file on Windows is not a zip file, you get some system enhancements you may not have wished for (or would even wish on your worst enemy).

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:Because it didn't execute the not-zip file by ad0gg · · Score: 3, Informative

      No you don't, extensions have always been handled by the associated application. If you change an .exe to .zip and try to run it, you get a corrupted zip file error message.

      --

      Have you ever been to a turkish prison?

  16. PE on linux by northcat · · Score: 3, Informative

    Linux kernel now supports foreign binaries. IIRC, some patches are available to enable support for PE binaries (Windows native binaries). If dependencies are kept low, with some clever programming, virii that run on multiple platforms are possible without something like wine or java.

  17. Re:Running Linux Games Under Windows by Anonymous Coward · · Score: 3, Funny

    Solitare. It's the only game I care about.

    ...but obviously not enough to spell it correctly.

  18. Wine devs test for this by bluGill · · Score: 5, Interesting

    At the last WineConf (almost exactly one year ago) some of the Wine developers were testing the hot mail virus of the day to make sure it ran. That was the one that activated as a DDoS on www.sco.com. It ran, and after making www.sco.com resolve to 127.0.0.1 in /etc/hosts it attempted to take down the local machine.

    We also found the back door, and came close to getting arbitrary programs to run from it, but supper came before we got that part working. We think it would have worked if a free meal hadn't gotten in the way.

    So now you know. If a windows virus doesn't run under wine you can thank CodeWeavers for buying everyone a meal before we got it implemented.

  19. If you do this, by Jeremiah+Cornelius · · Score: 4, Funny
    If you do this - run the exploit code - can you spell it Whine?

    Whine is Hazardous, even If Not an Emulator

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
  20. The Sound of One Hand Clapping by 4of12 · · Score: 4, Interesting

    So, if WINE fails to properly run a Windows virus under Linux, is it considered a bug or a feature?

    --
    "Provided by the management for your protection."
    1. Re:The Sound of One Hand Clapping by Anonymous Coward · · Score: 4, Funny

      Yes

  21. Re:Secret APIs by TekPolitik · · Score: 3, Interesting
    Running Microsoft programs is the hardest for Wine because they use secret function calls

    Current CVS versions of Wine can install and run the major MS applications, including MS office and Internet Explorer. Why would you do such a thing, I hear you ask? Because users still use Windows and as developers we still have to write code that interfaces with those applications. Absent that, OpenOffice and Konqueror or Mozilla work perfectly well.

  22. Wine - could do better by martin · · Score: 3, Funny

    Obviously work is still needed on Wine to make it more Windows compatible :-)

  23. Am I Missing Something? by Cruxus · · Score: 3, Funny

    Hello, fellow Slashdotters,

    I use Microsoft Windows XP, Professional Edition, Service Pack 2; yet my computer is missing the viruses mentioned in this article. Where did I go wrong? My Web browser is Mozilla Firefox 1.0, and my e-mail client is Mozilla Thunderbird 1.0. Should I change these? Microsoft Internet Explorer 6.0 SP-2 is resident on my computer for testing my websites in this popular program. Should I browse more freely with it? I prefer to use open-source-licensed software on my computer when possible (except the OS itself, although I do have an underutilized Debian partition). Should I start downloading random programs without being sure they do not contain any kind of malware?

    I just want to get along better with my fellow Windows users! Please, help!

    --
    On vit, on code et puis on meurt.
  24. Linux viruses already exist! by eric.t.f.bat · · Score: 3, Funny

    I suspect I may have a virus on my Linux system. The other day I switched the computer on, and it took a very long time to boot - and kept spewing out all this cryptic text as it did. After I logged in, I noticed that my desktop menu had a lot of strange, poorly documented programs in it, some of which didn't seem to do anything useful. The configuration system was strangely flakey, popping up tabbed windows that wouldn't go away when I clicked on other options. Various programs worked partially, but in some of them the clipboard didn't work properly and in others the windows widgets and controls looked wrong. A few would randomly open shell windows when I tried running them, even though they were GUI programs. The windows theming/skinning system worked partially, at best. I tried running a graphics program, but it just opened up lots of windows all over the screen and I couldn't get it to do anything reasonable, so I gave up. I suspect it was the cause of the virus infection, in fact, because it was called some insulting and childish name that had nothing to do with Graphics or Image Manipulation Programs or anything else. Oh, and there's this picture that shows up everywhere, of some kind of anatomically improbable cartoon bird with an eating disorder, which is either a symptom of virus infection or else a failed attempt at coordinated branding by a lot of uncoordinated programmers.

    In general, my Linux system seems to be totally hosed. I think I'll go back to Windows.

    --
    I have discovered a truly remarkable .sig block which this margin is too small to conta
  25. File Associations, RH 7.2 and Windows Viruses by BigBlockMopar · · Score: 3, Informative

    When a zip file on Windows is not a zip file, you get some system enhancements you may not have wished for (or would even wish on your worst enemy).

    Uhhh... no. File associations are based on extensions. It's probable that you've forgotten to turn off the Explorer "feature" of hiding extensions for known filetypes. This way, you get sexygirls.jpg.exe which appears as sexygirls.jpg, or xxx.zip.scr which appears as xxx.zip. Most people are ignorant enough to leave that "feature" enabled as per Microsoft's negligent default; furthermore, most users who are pseudo-capable with computers will click on it with the flawed reasoning that, "Well, it's a JPEG, so it can't be a virus".

    Furthermore, years ago I ranted on my website that it was *very* possible to run Windows e-mail viruses, etc. under Wine. So easy that, with Red Hat 7.2's default associations which launch Wine to run DOS/Windows apps, I accidentally infected my Wine directory while demonstrating Linux freedom from virii... "Moving right along, you can see how well Linux can emulate Windows well enough to run many programs..."

    --
    Fire and Meat. Yummy.
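
The hidden-extension trick described in the last comment, and the "not a zip file, simply disguised as one" point made earlier in the thread, can both be checked mechanically on an attachment's name and first bytes. The following is an added example, not code from the thread or from Slashdot; the extension sets, function names and sample attachments are constructed for illustration.

```python
import os

# Illustrative subsets (assumptions), not a complete policy list.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".txt", ".doc", ".pdf", ".zip"}

# Leading magic bytes for the formats this thread talks about.
MAGIC = {
    b"MZ": "pe",             # DOS/Windows executable header
    b"PK\x03\x04": "zip",    # ZIP local file header
    b"\xff\xd8\xff": "jpeg",
}


def sniff(head):
    """Classify content by its first bytes, ignoring the file name."""
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    return "unknown"


def displayed_name(filename):
    """Name as shown when 'hide extensions for known file types' is on.

    Simplification: every extension in the two sets above counts as known.
    """
    stem, last = os.path.splitext(filename)
    if last.lower() in EXECUTABLE_EXTS | DECOY_EXTS:
        return stem
    return filename


def inspect_attachment(filename, head):
    """Return a list of findings for one attachment (empty list = none)."""
    findings = []
    stem, last = os.path.splitext(filename.lower())
    inner = os.path.splitext(stem)[1]

    # sexygirls.jpg.exe: executable final extension behind a harmless-looking one.
    if last in EXECUTABLE_EXTS and inner in DECOY_EXTS:
        findings.append("double-extension")

    # Executable content under a name that does not claim to be executable.
    if sniff(head) == "pe" and last not in EXECUTABLE_EXTS:
        findings.append("executable-content")
    return findings


if __name__ == "__main__":
    # Constructed samples: (file name, first bytes of the file).
    samples = [
        ("sexygirls.jpg.exe", b"MZ\x90\x00"),
        ("xxx.zip.scr", b"MZ\x90\x00"),
        ("report.zip", b"MZ\x90\x00"),
        ("report.zip", b"PK\x03\x04\x14\x00"),
    ]
    for name, head in samples:
        print(name, "->", displayed_name(name), inspect_attachment(name, head))
```

A mail gateway would typically quarantine on either finding; an honestly named `.exe` produces no finding here and has to be handled by a separate attachment policy.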