
:Linux: Wine How-to | Running Windows viruses with Wine

It just isn't fair that Windows users get all the viruses. I mean really, shouldn't Linux users be in on the fun as well? Well... thanks to the folks running the Wine project, Linux users can "catch the virus bug" too -- sort of.

Linux just isn't user-friendly when it comes to viruses. You have to work to find and run them. It doesn't happen automatically as it does with Windows. The GNU/Linux folks really should improve this glaring discrepancy.

While I have friends who collect viruses, I didn't need to bother them. I found plenty by looking through my staggering collection of bogofilter-sorted mail. I apt-getted a copy of ClamAV, and after siccing it on my spam-and-other-things-I-don't-want-to-read collection, I yanked out a half-dozen unique, Windows-only viruses. That "Windows-only" part was about to change.
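Pulling "a half-dozen unique" samples out of a mail spool means turning a clamscan report into one file per distinct signature. The following is an added example, not code from the original article: it parses a constructed stand-in for the output of `clamscan -r --infected ~/Maildir` (the paths and hits are made up for the demo) and groups the FOUND lines by ClamAV signature.

```python
"""Triage a clamscan report: one sample file per distinct signature."""
import re
from collections import defaultdict

# Constructed stand-in for `clamscan -r --infected ~/Maildir` output.
# These paths and hits are made up for the example; they are not real scan results.
CLAMSCAN_REPORT = """\
/home/me/Maildir/cur/1075000001.M1P1.host:2,S: Worm.Klez.H FOUND
/home/me/Maildir/cur/1075000002.M2P1.host:2,S: Worm.SomeFool.Gen-2 FOUND
/home/me/Maildir/cur/1075000003.M3P1.host:2,S: Worm.Klez.H FOUND
/home/me/Maildir/cur/1075000004.M4P1.host:2,S: Worm.Sobig.F FOUND
/home/me/Maildir/cur/1075000005.M5P1.host:2,S: Worm.Mydoom.A FOUND

----------- SCAN SUMMARY -----------
Scanned files: 5
Infected files: 5
"""

# Maildir file names contain ':' themselves (the ":2,S" flags), so anchor on the
# trailing ': <signature> FOUND' instead of splitting on the first colon.
FOUND_LINE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")


def hits_by_signature(report):
    """Return {signature: [paths...]} for every FOUND line in a clamscan report."""
    hits = defaultdict(list)
    for line in report.splitlines():
        m = FOUND_LINE.match(line)
        if m:
            hits[m.group("sig")].append(m.group("path"))
    return dict(hits)


def one_sample_per_signature(report):
    """Keep the first file seen for each signature: the 'unique' sample set."""
    return {sig: paths[0] for sig, paths in hits_by_signature(report).items()}


def family(signature):
    """Collapse a ClamAV name such as Worm.Klez.H to its family, Worm.Klez."""
    return ".".join(signature.split(".")[:2])


if __name__ == "__main__":
    for sig, path in one_sample_per_signature(CLAMSCAN_REPORT).items():
        print(f"{family(sig):16} {sig:22} {path}")
```

On a real run, feed the function the saved stdout of clamscan; the summary block at the end is ignored because its lines never end in `FOUND`.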
Klez

Amazingly, Klez ran, but Wine kept spewing errors about "ntdll." After Googling to find out what Klez was supposed to do, I discovered that it scours your system for email addresses, then mails itself out in a mostly non-RFC-compliant fashion. I didn't want to miss out on this, so I added my e-mail address to a .txt file under ~/.wine/fake_windows/Windows/Desktop/ and re-ran the virus. After waiting a few minutes and receiving no mail, I gave Symantec's summary of the Klez virus another look. Klez is so far from RFC-compliant that it doesn't even bother to query DNS for the mail server (MX record) of a given domain; it just tries "smtp.domainname.com." My mail server isn't named smtp.mydomain.com, but the Panix ISP (where I have a shell account) has such a host, so I edited my .txt file and tried again. After waiting half an hour, still nothing. Was networking working with Wine? I downloaded a copy of PuTTY, and that worked. Panix must be blocking Klez via a Postfix regex or something. I give Klez 2/5 penguins for at least running, but not doing what it's supposed to.
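Waiting for mail to arrive through an ISP's server leaves you unable to tell whether the sample never connected or whether an upstream filter ate the message. Since the worm guesses a fixed host name and Wine resolves names through the host's libc resolver, a practitioner would instead map smtp.<your-domain> to 127.0.0.1 in the sandbox's /etc/hosts and run a local SMTP sink that records every session. The following is an added example, not code from the original article: a minimal SMTP sink in Python plus a demo that plays the mailer's role with smtplib. It assumes the /etc/hosts mapping just described (and that a real sandbox starts the sink on port 25 as root; the demo binds an ephemeral port so it runs unprivileged). All addresses and headers in the demo are constructed.

```python
"""Local SMTP sink for watching what a sandboxed mass-mailer actually tries to send."""
import email
import smtplib
import socket
import threading


class SmtpSink:
    """Accept SMTP sessions on a local port and record every envelope and message."""

    def __init__(self, host="127.0.0.1", port=0):
        # Assumed sandbox setup (not from the article): /etc/hosts maps the worm's guessed
        # smtp.<your-domain> host to 127.0.0.1 and the sink is started with port=25 as root.
        # port=0 picks an ephemeral port so the demo below runs unprivileged.
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((host, port))
        self.sock.listen(5)
        self.sock.settimeout(0.2)  # lets the accept loop notice stop()
        self.port = self.sock.getsockname()[1]
        self.captured = []  # one dict per message the sink accepted
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._serve, daemon=True)

    def start(self):
        self._thread.start()

    def stop(self):
        self._stop.set()
        self._thread.join(timeout=5)
        self.sock.close()

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, _ = self.sock.accept()
            except socket.timeout:
                continue
            except OSError:
                return
            conn.settimeout(5)
            try:
                self._session(conn)
            finally:
                conn.close()

    def _session(self, conn):
        reader = conn.makefile("rb")

        def reply(line):
            conn.sendall(line.encode("ascii") + b"\r\n")

        reply("220 sink.local ESMTP sandbox sink")
        sender, rcpts = None, []
        while True:
            raw = reader.readline()
            if not raw:
                return
            cmd = raw.decode("ascii", errors="replace").rstrip("\r\n")
            verb = cmd[:4].upper()
            if verb in ("HELO", "EHLO"):
                reply("250 sink.local")
            elif verb == "MAIL":
                sender = cmd.split(":", 1)[1].strip()
                reply("250 OK")
            elif verb == "RCPT":
                rcpts.append(cmd.split(":", 1)[1].strip())
                reply("250 OK")
            elif verb == "DATA":
                reply("354 End data with <CR><LF>.<CR><LF>")
                lines = []
                while True:
                    raw = reader.readline()
                    if not raw or raw == b".\r\n":
                        break
                    lines.append(raw[1:] if raw.startswith(b"..") else raw)  # undo dot-stuffing
                msg = email.message_from_bytes(b"".join(lines))
                # The header From: is what these worms forge; the envelope sender is what they used.
                self.captured.append({"envelope_from": sender, "envelope_to": list(rcpts),
                                      "header_from": msg.get("From"), "subject": msg.get("Subject")})
                sender, rcpts = None, []
                reply("250 Queued")
            elif verb == "QUIT":
                reply("221 Bye")
                return
            else:
                reply("502 Command not implemented")


def capture_one_delivery():
    """Demo: play the mailer's role with smtplib and return what the sink recorded."""
    # Addresses and headers are constructed for the demo, not taken from any real sample.
    sink = SmtpSink()
    sink.start()
    try:
        with smtplib.SMTP("127.0.0.1", sink.port, local_hostname="sandbox", timeout=5) as client:
            client.sendmail("worm@victim.example", ["harvested@example.net"],
                            b"From: forged@someone-else.example\r\nSubject: your account\r\n\r\nSee attachment.\r\n")
    finally:
        sink.stop()
    return sink.captured
```

Calling `capture_one_delivery()` returns the recorded envelope and the forged header From: of the constructed message. With a real sample, start the sink on port 25 before launching Wine and leave it running; an empty `captured` list after the sample exits means the worm never completed a session, which is a different finding from "no mail arrived." A `tcpdump port 25` on the loopback interface alongside it will also show connection attempts that the sink rejected.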

MyDoom

MyDoom seemed to be a .zip file (the file command concurred), but Info-ZIP's unzip command couldn't even extract it. That's about as un-Linux-compatible as you can get. 0/5 penguins.

Sobig

According to ClamAV, I had two different strains of the Sobig worm. Both of them ran. Sobig is supposed to create a winstt32.dat file, but there wasn't a file by that name anywhere under my fake_windows directory. It didn't send me email either. 2/5 penguins, as it's about as Linux-compatible as Klez.
SCO worm

A virus named after SCO and designed to launch a DoS attack against SCO should definitely be Linux-compatible, right? The SCO virus (at least according to ClamAV) is actually just a variant of the MyDoom worm, but unlike MyDoom, I was able to unzip this one on Linux.

Not only did it run, it actually dumped its payload at ~/.wine/fake_windows/Windows/System/shimgapi.dll! Unfortunately, that's all it did before it terminated. I mean, if it had kept running, I might have been sufficiently tempted to set my system clock to February 3, 2004, in order to get in on the DoS fun! It must require Windows to bone-headedly execute its payload. I'll give it 3/5 penguins for actually doing something. Plus, whoever modified MyDoom like this actually seemed to put some thought into making it more Linux-compatible. That's what I call progress.
SomeFool

The SomeFool first-generation worm (Netsky.D, according to some) actually installs its winlogon.exe file under Wine and, as an added bonus, seems to get stuck in an endless loop, thus having a real negative performance impact on my Linux machine! I'll give this one 4/5 penguins for not only running and sort of doing what it was supposed to, but actually doing mildly bad things to Linux -- at least until I hit Control-C in the terminal from which I was running Wine, which stopped it dead.

Conclusion

Out of the five Windows viruses I ran under Wine, not a single one was able to send email and propagate itself. When I went out of my way to join the Windows community by doing my part to propagate Windows viruses (lots of Windows users seem to think this is important, seeing as how they run random executables and use Microsoft Outlook and Internet Explorer), I discovered that it couldn't easily be done with GNU/Linux tools. Oh sure, I could manually forward these viruses to the folks in my address book, but where's the fun in that? Besides, these viruses usually lie in the From: line and use a handful of different Subject: lines. As a GNU/Linux user, I really don't want to miss out on these important features.

I tip my hat to the creators of the SomeFool virus, for actually (albeit temporarily and minimally) affecting my Linux experience. However, if that's the most damage I can get by running viruses with Wine under a dummy account, then it's clear that the Wine developers have a long way to go before Wine is truly Windows compatible.


Source
NewsForge.com

Comments

  1. This is rather amusing. Good work :)

  2. [...] It’s very common to remember viruses, instability and stupidity when we talk about Microsoft windows operating system, and now we have to add Power consumption :-) Connect any USB 2.0 device to your notebook and lose more than one hour of battery time: Tom’s Hardware Guide’s tests of a Windows-based Intel Core Duo mobile processor platform revealed a serious power consumption issue that, according to Intel, is caused by a Microsoft driver bug - a bug that has been known by Microsoft for some time, but kept from the public eye until today. [...]

  3. That's hilarious. I was looking for what virii would do in Wine, and this just made me laugh!!

    Peace

  4. [...] Originally Posted by bangorme 2) I'm running World of Warcraft on Wine. Does Wine have the same susceptibilities that Windows has? If it does, since I'm not running anything but WOW on Wine, is it possible for keyloggers to cross from Linux into Wine? I know nothing about WOW (the only game I play in Linux is chess, and I use native Linux programs for that). But I have read a number of entertaining articles posted by users who have tried (unsuccessfully) to get viruses to run fully under Wine. Take a look at some of these entertaining reads: Jad

