Wine with Virus

Postby grimdestripador on Fri Jun 27, 2008 4:01 pm

I relapse occasionally and use Windows, but have been working on Linux primarily. I would like to make public one of my oversights with WINE and viruses, which ended up causing a lot of headaches.

Purpose:
Break linux with windows virus. Complete with 100% cpu load.

Setup:
Linux Mint [hda1]
Windows XP [hdb1] with EXTIFS (EXT2 Installable File System Driver)

Procedure:
Install Windows (preferably while connected to the internet)
Install Linux and boot loader.
Install Wine and Wine HQ
Boot Windows
Download EXTIFS from internet
Install EXTIFS to copy windows drivers stored on linux partition
Leave connected to internet. Wait for RPC calls to shutdown PC and other exploits.
Boot into Linux. Observing that Hotkeys is now eucking up 100% of CPU.

**Your mileage will vary.
***For extra quick results start with WinXP SP1, and leave connected to internet while installing.
grimdestripador
Level 6
Posts: 1069
Joined: Fri Feb 16, 2007 2:26 am

Re: Wine with Virus

Postby Husse on Fri Jun 27, 2008 4:48 pm

For super quick results start with WinXP without a service pack and connected to internet
I doubt you can finish the install, some of the RPC buggers probably break the system before you are finished :)
But that is a failure I realize when I read the original post again - this way you can't show what happens in Wine :) :)
But - the virus does not spread outside Wine - at worst it writes some txt files to your home....
Don't fix it if it ain't broken, don't break it if you can't fix it
Husse
Level 21
Posts: 19710
Joined: Sun Feb 11, 2007 7:22 am
Location: Near Borås Sweden

Re: Wine with Virus

Postby tri on Wed Jul 02, 2008 10:01 am

You may need to access Control Center -- Services, and untick the Hotkey management and other services such as Bluetooth that you don't actually use. And yes, Wine may carry Windows viruses but they will not have root access to your system. No worry about it.
tri
Level 2
Posts: 56
Joined: Sun Sep 02, 2007 12:07 am

Re: Wine with Virus

Postby grimdestripador on Wed Jul 02, 2008 12:51 pm

tri wrote: You may need to access Control Center -- Services, and untick the Hotkey management and other services such as Bluetooth that you don't actually use. And yes, Wine may carry Windows viruses but they will not have root access to your system. No worry about it.


(referring to root access)
That is where my headache (previously mentioned) comes from. I wasn't expecting the virus to chill out on my Linux partition. And being that I mount my music files (and installer executables) on a read/write HD in Linux, each time I reformatted Windows I kept on getting a virus as soon as I started copying drivers for install.

Yet another reason to have read only access.

P.S. to Husse: Can't WINE read outside the home directory? What about (user) mounted disks?

Re: Wine with Virus

Postby Husse on Thu Jul 03, 2008 7:03 am

Wine can probably read outside /home - but it can't write outside /home (unless you've changed permissions) and that stops a virus pretty efficiently

Re: Wine with Virus

Postby grimdestripador on Fri Jul 25, 2008 6:47 pm

so um, this is bad?
Code:
sudo mount /dev/sda1 /media/usb -t vfat -o users,rw

(of course it is)

Re: Wine with Virus

Postby Husse on Sat Jul 26, 2008 7:03 am

Well, that disk could be vulnerable as you "make it like home"
But I don't really get it - sda1 a USB disk?
Do they appear that way - I have never tried - don't have access to a USB disk
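
The exchange above is about a Windows-readable disk mounted read-write, where files infected on the Windows side sit until they are copied back. As an added example (not part of the original thread), this script audits a mount table in the `/proc/mounts` format and reports such filesystems that are mounted read-write or without `noexec`; the filesystem type list and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Windows-shared filesystems that are mounted read-write
# or without noexec. Input format is that of /proc/mounts:
#   <device> <mountpoint> <fstype> <options> <dump> <pass>
# (spaces in mount points appear there as \040, so field splitting is safe).

# Filesystem types treated as "shared with Windows" (assumption, adjust as needed).
SHARED_TYPES="vfat msdos ntfs ntfs3 fuseblk exfat"

# audit_mounts: read mount lines on stdin, print one finding per line:
#   <mountpoint> <fstype> <issue>[,<issue>]
audit_mounts() {
    awk -v types="$SHARED_TYPES" '
    BEGIN { n = split(types, t, " "); for (i = 1; i <= n; i++) shared[t[i]] = 1 }
    ($3 in shared) {
        rw = 0; noexec = 0
        m = split($4, opt, ",")
        for (i = 1; i <= m; i++) {
            if (opt[i] == "rw")     rw = 1
            if (opt[i] == "noexec") noexec = 1
        }
        issues = ""
        if (rw)      issues = "writable"
        if (!noexec) issues = issues (issues == "" ? "" : ",") "exec-allowed"
        if (issues != "") print $2, $3, issues
    }'
}

# Constructed sample mount table (not taken from the thread).
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext3 rw,relatime 0 0
/dev/sdb1 /media/usb vfat rw,nosuid,nodev,noexec,uid=1000 0 0
/dev/sdc1 /media/music vfat rw,relatime,uid=1000 0 0
/dev/sdd1 /media/drivers ntfs ro,noexec,nosuid,nodev 0 0
EOF
}

# Demo on the sample; on a real system use: audit_mounts < /proc/mounts
sample_mounts | audit_mounts
```

A disk that only needs to be read from Linux can be mounted with `-o ro` so it drops out of the report.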

Re: Wine with Virus

Postby grimdestripador on Sun Jul 27, 2008 8:05 pm

Do they appear that way - I have never tried - don't have access to a USB disk


Setup is a Dell Inspiron 1200, with 40 GB EIDE and 4 GB USB thumbdrive.
Observe that even my main harddrive is labeled (sda1 - SCSI Device A Partition 1) rather than /dev/hda1 like normal.
----
And btw, what does the "Partition 1 has different physical/logical endings: phys=(488, 254, 63) logical=(489, 135, 30)" part mean?

Code:
eagle@tragdor ~ $ sudo fdisk -l


Disk /dev/sda: 40.0 GB, 40007761920 bytes
255 heads, 63 sectors/track, 4864 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x0720071f

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1        4659    37423386   83  Linux
/dev/sda2            4660        4864     1646662+   5  Extended
/dev/sda5            4660        4864     1646631   82  Linux swap / Solaris

Disk /dev/sdb: 4026 MB, 4026531840 bytes
255 heads, 63 sectors/track, 489 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x007e8538

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1   *           1         490     3932128+   c  W95 FAT32 (LBA)
Partition 1 has different physical/logical endings:
     phys=(488, 254, 63) logical=(489, 135, 30)

Re: Wine with Virus

Postby Husse on Mon Jul 28, 2008 7:50 am

Hmm - made the same mistake as many posting here - was not clear enough
I was thinking that in your example the USB disk was sda - I would not expect it to be sda
All disks are treated like SATA (SCSI) disks by the disk driver introduced in Daryna (earlier?), so hda is outdated
different physical/logical endings

This is like Chinese to me.... they probably should not have the same ending as the logical is a transformation of the physical