Tuesday, October 27, 2009

Linux virus

It seems that someone got a virus on their Linux computer. They did it on purpose, and had to work pretty hard.

And it was a Windows virus. You see, Linux has a program called "Wine" that emulates Windows, so that you can run quite a lot of your Windows software on Linux. This guy ran the (Windows) virus under Wine:
So I downloaded it. And ran it in Wine. And... well, it turns out Wine emulates Windows well enough to get infected by a Windows virus.

...

It even went and added itself into the taskbar (which Wine nicely integrated with my Gnome notifications), and added reminders from time to time (read: every 2 minutes) that you're using the unregistered version.
So, do Linux fanboys (like me) need to worry about viruses? Not so much:
To stop it completely, I had to kill Wine. If it managed to infect the Wine registry well enough that it's run automatically, I will have to go into the Wine registry to remove it manually. Or I could run a couple of simple commands:
sudo aptitude purge wine;
sudo aptitude install wine;

That's it!

Plus, remember that Firefox tried to stop me 3 times before I even saw the file. In the case of a Linux-targeted virus, it would probably do just the same. If I downloaded it, I would then have to go run it manually (unless it's a .sh, in which case I may be able to just run it). To do the same amount of harm, it would then ask me for the administrator password, not just a repetitive "Allow/Deny" box that I just instinctively click Allow on. It would then proceed to do its evilnesses, but with one difference: I can still kill it just as easily.

There's a step by step with tons of screenshots. RTWT if that's your bag, baby. One of the more interesting security experiments I've seen in quite some time.
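The quoted write-up mentions going into the Wine registry to look for an entry that starts the program automatically. As an added example (not from the original post or the Wine project), this Python script lists the values under the Run and RunOnce keys in a prefix's `user.reg` and `system.reg` text files. It assumes the default prefix `~/.wine` (or `$WINEPREFIX`) and Wine's text registry layout; the sample data is constructed.

```python
import os, re
from pathlib import Path

# Autostart keys as written in Wine's text registry files: lower-cased here,
# with the doubled backslashes the files use.
AUTORUN_KEYS = {
    r"software\\microsoft\\windows\\currentversion\\run",
    r"software\\microsoft\\windows\\currentversion\\runonce",
}
KEY_RE = re.compile(r'^\[(.+?)\](?:\s+\d+)?\s*$')   # "[Key\\Path] <timestamp>"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def unescape(s):
    # Undo the file's escaping: backslash + character becomes that character.
    return re.sub(r'\\(.)', r'\1', s)

def find_autoruns(text):
    """Return (key, value name, command) for each string value in an autostart key."""
    hits, current = [], None
    for line in text.splitlines():
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            continue
        if current and current.lower() in AUTORUN_KEYS:
            val = VALUE_RE.match(line)
            if val:
                hits.append((unescape(current), unescape(val.group(1)),
                             unescape(val.group(2))))
    return hits

def scan_prefix(prefix):
    """Scan both registry files of a Wine prefix; missing files are skipped."""
    results = {}
    for name in ("user.reg", "system.reg"):
        path = Path(prefix) / name
        if path.is_file():
            results[name] = find_autoruns(path.read_text(errors="replace"))
    return results

# Constructed sample in the layout of a Wine user.reg file (not real data).
SAMPLE = r'''WINE REGISTRY Version 2
[Software\\Microsoft\\Windows\\CurrentVersion\\Run] 1256600000
"ExampleUpdater"="C:\\Program Files\\Example\\updater.exe /tray"

[Software\\Wine\\Fonts] 1256600001
"LogPixels"=dword:00000060
'''

if __name__ == "__main__":
    print("sample:", find_autoruns(SAMPLE))
    prefix = os.environ.get("WINEPREFIX", str(Path.home() / ".wine"))
    for name, hits in scan_prefix(prefix).items():
        for key, value_name, command in hits:
            print(f"{name}: [{key}] {value_name} -> {command}")
```
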

3 comments:

Weer'd Beard said...

You guys are just showing off now!

wolfwalker said...

No Linux program demonstrates the essential geekiness of Linuxites more than WINE. An acronym that is both recursive and self-contradictory -- it's like the Gödel's Theorem of application names.

That said, I suppose the fact that WINE can be infected by a Windows malware kinda proves that whatever WINE actually is, it does a damn good job of imitating Windoze.

Anonymous said...

wolfwalker got what I was going to say. I haven't used WINE much on account of still having a usable Windows partition, but I might get into it at some point.

Jim