Tuesday, October 27, 2009

Linux virus

It seems that someone got a virus on their Linux computer. They did it on purpose, and had to work pretty hard.

And it was a Windows virus. You see, Linux has a program called "Wine" that emulates Windows, so that you can run quite a lot of your Windows software on Linux. This guy ran the (Windows) virus under Wine:

So I downloaded it. And ran it in Wine. And... well, it turns out Wine emulates Windows well enough to get infected by a Windows virus.

...

It even went and added itself into the taskbar (which Wine nicely integrated with my Gnome notifications), and added reminders from time to time (read: every 2 minutes) that you're using the unregistered version.

So, do Linux fanboys (like me) need to worry about viruses? Not so much:

To stop it completely, I had to kill Wine. If it managed to infect the Wine registry well enough that it's run automatically, I will have to go into the Wine registry to remove it manually. Or I could run a couple of simple commands:
sudo aptitude purge wine;
sudo aptitude install wine;

That's it!

Plus, remember that Firefox tried to stop me 3 times before I even saw the file. In the case of a Linux-targeted virus, it would probably do just the same. If I downloaded it, I would then have to go run it manually (unless it's a .sh, in which case I may be able to just run it). To do the same amount of harm, it would then ask me for the administrator password, not just a repetitive "Allow/Deny" box that I just instinctively click Allow on. It would then proceed to do its evilnesses, but with one difference: I can still kill it just as easily.

There's a step by step with tons of screenshots. RTWT if that's your bag, baby. One of the more interesting security experiments I've seen in quite some time.
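
The quoted post mentions going into the Wine registry to remove an autorun entry by hand. As an added example (not from either post), this script lists the Run and RunOnce values in a Wine prefix so they can be reviewed; it assumes Wine's text registry files `user.reg` and `system.reg` in the prefix directory, and the function names are this example's own.

```shell
#!/bin/sh
# List autorun (Run / RunOnce) values stored in a Wine prefix's registry.
# Assumption: Wine keeps its registry as text in <prefix>/user.reg and
# <prefix>/system.reg, with section headers such as
#   [Software\\Microsoft\\Windows\\CurrentVersion\\Run] 1256600000
# followed by one "name"="command" line per value.

wine_autoruns() {
    # $1 = path to a Wine registry text file.
    # Prints "key<TAB>value line" for every value under a Run/RunOnce key.
    awk '
        /^\[/ {
            # New section: keep only the key name between the brackets.
            key = $0
            sub(/[]].*$/, "", key)
            sub(/^\[/, "", key)
            # Match on the key suffix so Wow6432Node copies are caught too.
            in_run = (tolower(key) ~ /currentversion[\\]+run(once)?$/)
            next
        }
        # Named values start with a double quote; skip comments and blanks.
        in_run && /^"/ { print key "\t" $0 }
    ' "$1"
}

scan_prefix() {
    # $1 = prefix directory (defaults to $WINEPREFIX, then ~/.wine).
    prefix="${1:-${WINEPREFIX:-$HOME/.wine}}"
    for f in "$prefix/user.reg" "$prefix/system.reg"; do
        if [ -f "$f" ]; then
            wine_autoruns "$f"
        fi
    done
    return 0
}

# Scan the prefix given on the command line, or the default one.
scan_prefix "$@"
```

Wine keeps these files in the per-user prefix (by default `~/.wine`), which removing and reinstalling the package does not touch, so the same check applies after a reinstall.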

3 comments:

  1. No Linux program demonstrates the essential geekiness of Linuxites more than WINE. An acronym that is both recursive and self-contradictory -- it's like the Gödel's Theorem of application names.

    That said, I suppose the fact that WINE can be infected by a Windows malware kinda proves that whatever WINE actually is, it does a damn good job of imitating Windoze.

  2. wolfwalker got what I was going to say. I haven't used WINE much on account of still having a usable Windows partition, but I might get into it at some point.

    Jim
