digg

Facebook Connect Join Digg About

How Can Linux Get A Virus? Through WINE, Thats How!

blog.opensourcenerd.com The epic tale of how I got a virus... on Linux... using Wine... and lived.

Who dugg this? Made popular Oct 26, 2009

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

65 Comments

show profanity settings
expand all
  • JanusTheDoorman, on 10/26/2009, -2/+102I have to be honest, using Linux, I'd gotten into the habit of ignoring warnings about all the websites I knew spread malware and viruses- sometimes because I was looking for something, and sometimes just because it's fun to walk through a battlefield with godmode on. Then, because I needed to run certain software for school, I reinstalled Windows onto my laptop, and absentmindedly continued my usual browsing habits for about a week without so much as spybot to keep me safe.

    The moment of realization was a bit like what I imagine it'd be like waking up in a doorway, noticing a syringe on the ground next to you, and feeling an itch in your arm, even if you can't find an entry point.
  • FlyingCaveman, on 10/26/2009, -2/+91http://xkcd.com/350/
  • Jeff901, on 10/26/2009, -1/+47Yep....that's true. But a windows virus in wine will have no authority to your system files like it would in windows.....Your /home folder MIGHT be in trouble, but only if the virus writer wrote for /Folder as well as c:\folder directory tree.

    Linux IS BY NO MEANS impervious to infection, but you would need to really put an effort into getting and STAYING infected.....Things just don't run without your knowledge or control.....

  • NodOfficer, on 10/26/2009, -0/+44Dugg for godmode.
  • TheWindBlows, on 10/25/2009, -1/+37Just to note you probably still have the virus on your system in the ~/.wine directory.
    Just purging wine, most likely, reset your wine registry and now it doesn't autostart.
    To assure yourself it is gone (while it is running ).
    ps -u $USER | cut -d " " -f 11 | grep .exe
    (list your user processes cut's out useless stuff then grep's for .exe 's )
    You'll get a list of wine programs
    then you can find the programs with find
    find ~/.wine -name "$wineexe"
    replace $wineexe with the name of the process.exe
    after that you could delete them
    It should be fairly easy just to make a shell script that loops through and ask to delete file x
  • DaemoNmwk, on 10/26/2009, -0/+27WINE flu?


    ...seriously no one thought of that yet? haha!
  • jv2k, on 10/26/2009, -0/+27I'm actually being very careful to not fall into what you just described. I sometimes click the links that spambots give or punch that monkey just to see where it'll take me.

    It's almost like sneaking into the girls locker room or bathroom. Yea there's no appeal to being in an empty smelly room, but it's forbidden ground, no mans land, the place of no return!
  • samezies, on 10/26/2009, -1/+22Eww...geocities
  • sylv3r, on 10/26/2009, -1/+20Wow... Digg really needs a spam filter for the comments.
  • ileftfark, on 10/26/2009, -3/+22Sadly, Linux doesn't give you more bandwidth. :(
  • inactive, on 10/26/2009, -6/+24Every computer can be crashed, every computer can be hacked, every computer can get viruses. Note that no marketing material for any operating system will ever claim otherwise, and with good reason. Fanboy vs. Fanboy discussions will often say "See? Your [whatever] got a virus! You're not as invincible as you claim!", but that's really born from a misunderstanding of how computers work. When you're concerned with security and stability, you want to pick the option which has taken the most precautions, much in the same way you look at a car's design and safety features. But, also like a car, you can't say it's never going to crash or break down. You can only make intelligent choices to weight the odds in your favor.
  • tj111, on 10/26/2009, -2/+18XKCD: Always relevant.
  • cantormath, on 10/26/2009, -0/+14This does not mean Linux can get a virus. It means you can run a virus in Linux.....using wine.
  • InactiveUser, on 10/26/2009, -1/+15Well you could argue that. A good author might connect through /tmp which wine uses and subsequently manage a brute force escalation to super user. Though you would have to do this with considerable hands on skill.

    Just the same in above scenario you could then root kit the system and no one could tell. The only givaway would be the extra user account and the log file would tell all. Basically an unattended system would be risky, a home user would know almost strait away given the new folders that would appear or could appear and the extra system load it would present. Ubuntu and other systems also have code that detects such breaches and informs you. But always the log file is the key..No secrets in that thing.

    Again - not impossible but hardly worth the effort given the odds of being detected are 1000 times greater than windows, even with an undetectable root kit. :)
  • chunkybeefstu, on 10/26/2009, -0/+12MY SATISFACTION IS YOUR MAIN PURSUE?! WHY THANK YOU SPAMMER, YOU ARE VERY HELPFUL!
  • inactive, on 10/26/2009, -2/+14This spam is getting ridiculous. Digg needs a better comment posting algorithm. They shouldn't let you post that many links on a new account or something
  • EmitStop, on 10/26/2009, -3/+15http://rorr.im
  • inactive, on 10/26/2009, -0/+11The point isn't if it's "impossible". That's a fool's argument. No reasonable person would ever say it's impossible to infect Linux. The point is that it's *harder*... and that matters.

    "Not impossible but hardly worth the effort" ...that sums it up nicely.
  • raydeen, on 10/26/2009, -0/+9I like the godmode analogy. Linux is iddqd.
  • InactiveUser, on 10/26/2009, -1/+10www.myyshop.com is the vendor who used an iFrame hack on 2 websites I fixed. Both were pointing to this URL and a sub folder that loaded a trojan through IE using obfuscated JS.
    If its the same person - be careful!
    So I have to ask, who's credit card did you steal this time and did you rent the server in Canada again? (Last time it was an Iraqi man who lost money leasing the server).

  • ohplease, on 10/26/2009, -1/+9This isn't a virus, it's a trojan. Dumb.
  • jasmus, on 10/26/2009, -1/+9Ok this sucks. How much more do we take before we decide not to be polite and bomb this ***** website into the ground. Not that we should, etc.
  • midtown, on 10/26/2009, -0/+8Nope, the author was right, purging wine removes ~/.wine like any software purge (but not removal) will remove any settings and configurations.
  • linksus, on 10/26/2009, -0/+8I just went back in time! TIME!!!! Back in TIME!!!!
  • BREZZZ, on 10/26/2009, -0/+8I was always wondering if it was possible, but too scared to try it.
  • yacks, on 10/26/2009, -1/+8kind of like Nicolas Cage at the end of Lord of War when he woke up naked in bed.. in Africa and had unprotected sex with a stranger.
  • PiddlyD, on 10/26/2009, -4/+11Agreed, Corey. The problem here is that an attack against a Linux box (there was a 100 node Linux botnet discovered recently) - is most likely to happen as either exploits of an insecure service opened to the public or as an attempt to socially engineer users into an action that compromises their security. The weak link then, is the person at the keyboard (who has failed to patch his machine or who is tricked into doing something he shouldn't do). To me, it doesn't really matter, if the end result is a compromised machine. Someone brighter and more dilligent would be safer on a Win32 machine than a moron on a Linux box.

    If Linux doesn't enjoy "security through obscurity" - then at the very least, it enjoys 'security through hackers not giving a damn".

    Face it, Win32 people are doing important online transactions and there are sooooo many of them. People with OS X have deep pockets. In both cases, it is easy to see why hackers are following the money.

    But why target Linux guys? The only thing you might do is have some pity on them and transfer some money from an OS X user's bank account into theirs. :D
  • fsufitch, on 10/26/2009, -1/+8Dammit guys, stop flooding my server :-P I'm swamped here. Just joking, thanks for the views :)
  • Kirsle, on 10/26/2009, -0/+5Wine *can* get into your /home directory easily... wine maps My Documents in the virtual Win32 filesystem back to your home directory. Just browse for a file in something with a Wine app (e.g. Notepad) and you'll see... My Documents, My Pictures, and My Videos are all symlinks to your homedir.

    A virus that wants to e.g. encrypt all your documents with a strong RSA cipher and hold them ransom would be just as capable of doing so in Linux as it would in Windows.

    So I don't recommend using Wine to run viruses; that's what VirtualBox is for. ;)
  • elfprince13, on 10/26/2009, -1/+6I'm pretty sure last time I read about someone trying to infect themselves via Wine, they weren't able to, between a fairly large number of virus samples.
  • bjornski, on 10/26/2009, -0/+5I see your point, but he's making a valid one also. There has been a huge influx of messages spamming links to external sites lately (yes, more than usual). It would be nice if Digg could recognize that and say "hey, you've posted this link 10+ times in the last day, piss off!"

    Reporting them works too, but it'd be nice if they didn't get past the filters in the first place.
  • inactive, on 10/26/2009, -0/+5The one thing I would add is that a burglar cases houses before robbing them... and they look for the houses that are least secure. There's no point in increasing their risk; even if they aren't afraid of getting caught, why make the prize harder to acquire? Computers are a lot like this. A hacker is going to pick a machine he knows he can get into before he picks one he knows he can't. After all, it's not like there aren't passwords and bank codes and credit card numbers on Linux or OS X machines.
  • Origin415, on 10/26/2009, -3/+8Yes, hacking linux is useless, its not like the majority of the internet uses linux servers.
  • yoshi8710, on 10/26/2009, -3/+7it's called the burry button.
  • lexman098, on 10/26/2009, -1/+5"So let me understand, you loaded this program on your computer although you knew it's a virus, or you thought that Windows Police Pro is a genuine anti-virus?

    Dad"

    LOL
  • cantormath, on 10/26/2009, -1/+5Thats all and no need for Norton AntiVirus ::grin::
  • inactive, on 10/26/2009, -0/+4Er... not sure what you're going for here.
  • bjornski, on 10/26/2009, -0/+4Well, you read about it once, so that proves this article is *****.

    That's good enough for me! Carry on!
  • BioHMMWV, on 10/26/2009, -2/+6Works like this......*Bury*
  • hardeep1singh, on 10/26/2009, -1/+5Creating Linux viruses would be like targeting the wrong market section since only geeks use it. Geeks have the ability to even run a windows machine without an anti virus and not get infected. So your chances of getting successful are next to nil. Plus its not worth the effort as there aren't enough people using it. Why would you create a virus or any other application targeting 5-6 percent users when you can simply create one that targets 85% of users in one go.

  • custangro, on 10/26/2009, -0/+3I like that you have to TRY in order to get a virus on Linux :)
  • inactive, on 10/26/2009, -2/+5The same way any computer can get a virus...through human error of an idiot at the controls.
  • robdiggity, on 10/26/2009, -0/+2is that you Cleveland?
  • jasmus, on 10/26/2009, -0/+2although the page's title is mykshop.com, that address throws up an invalid hostname error. all the links point to www.dudemalls.com

    So, don't replace www.mykshop.com in that script with www.dudemalls.com. Because you're not running it, are you?
  • whytey, on 10/26/2009, -0/+2The Virus Writer

    Lol
  • wheresjim, on 10/26/2009, -1/+3I did that once on purpose, since I was planning on a fresh install anyway it was no big deal, but yea, you can get a virus on Linux this way.
  • MWeather, on 10/26/2009, -1/+2It's not the implementation that is the problem.
  • FyberOptic, on 10/26/2009, -0/+1So Linux and OSX are just incapable of getting malware then, eh?
  • lnxfi, on 10/26/2009, -3/+4oh dear! there's no safe place to hide!
  • Fetching more discussions...
    Show 51 - 73 of 73 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.