Wine with Virus


Wine with Virus

Post by grimdestripador »

I relapse occasionally and use Windows, but have been working on Linux primarily. I would like to make public one of my oversights with WINE and viruses, ending up with a lot of headaches.

Purpose:
Break linux with windows virus. Complete with 100% cpu load.

Setup:
Linux Mint [hda1]
Windows XP [hdb1] with EXTIFS (EXT2 Installable File System Driver)

Procedure:
Install Windows (preferably while connected to the internet)
Install Linux and boot loader.
Install Wine and Wine HQ
Boot Windows
Download EXTIFS from internet
Install EXTIFS to copy windows drivers stored on linux partition
Leave connected to internet. Wait for RPC calls to shutdown PC and other exploits.
Boot into Linux. Observing that Hotkeys is now eucking up 100% of CPU.

**Your mileage will vary.
***For extra quick results start with WinXP SP1, and leave connected to internet while installing.
Husse

Re: Wine with Virus

Post by Husse »

For super quick results start with WinXP without a service pack and connected to internet
I doubt you can finish the install, some of the RPC buggers probably break the system before you are finished :)
But that is a failure I realize when I read the original post again - this way you can't show what happens in Wine :) :)
But - the virus does not spread outside Wine - at worst it writes some txt files to your home....

Re: Wine with Virus

Post by grimdestripador »

tri wrote: You may need to access Control Center -- Services, and untick the Hotkey management and other services such as Bluetooth that you don't actually use. And yes, Wine may carry Windows viruses but they will not have root access to your system. No worry about it.
(referring to root access)
That is where my headache (previously mentioned) comes from. I wasn't expecting the virus to chill out on my Linux partition. And being that I mount my music files (and installer executables) on a read/write HD in Linux. Each time I reformatted Windows I kept on getting a virus as soon as I started copying drivers for install.

Yet another reason to have read only access.

P.S. to Husse. Can't WINE read outside the home directory? What about (user) mounted disks?
Husse

Re: Wine with Virus

Post by Husse »

Wine can probably read outside /home - but it can't write outside /home (unless you've changed permissions) and that stops a virus pretty efficiently

Re: Wine with Virus

Post by grimdestripador »

so um, this is bad?

Code:

sudo mount /dev/sda1 /media/usb -t vfat -o users,rw

(of course it is)
Husse

Re: Wine with Virus

Post by Husse »

Well, that disk could be vulnerable as you "make it like home"
But I don't really get it - sda1 a USB disk?
Do they appear that way - I have never tried - don't have access to a USB disk
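
Added example, not part of any post in this thread: a shell function that reads a mount table in /proc/mounts layout and lists FAT/NTFS-type filesystems that are mounted read-write, the kind of mount asked about above. The filesystem type list and the sample lines are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: list read-write mounts of filesystems commonly shared with Windows.
# Input on stdin uses the /proc/mounts layout:
#   device mountpoint fstype options dump pass

# Types treated as "shared with Windows" (an assumption of this example).
# ntfs-3g mounts appear as fuseblk in /proc/mounts.
SHARED_FS_TYPES="vfat msdos exfat ntfs ntfs3 fuseblk"

# audit_mounts: reads mount lines on stdin and prints
#   <mountpoint> <fstype> rw uid=<n|unset>
# for every shared-type filesystem that is mounted read-write.
audit_mounts() (
    while read -r dev mnt fstype opts rest; do
        case " $SHARED_FS_TYPES " in
            *" $fstype "*) ;;      # shared type: inspect it
            *) continue ;;         # anything else is out of scope here
        esac
        mode="" uid="unset"
        remaining="$opts,"
        # Walk the comma-separated option list without touching IFS.
        while [ -n "$remaining" ]; do
            opt="${remaining%%,*}"
            remaining="${remaining#*,}"
            case "$opt" in
                rw|ro) mode="$opt" ;;
                uid=*) uid="${opt#uid=}" ;;   # owner applied to every file on FAT
            esac
        done
        if [ "$mode" = "rw" ]; then
            printf '%s %s rw uid=%s\n' "$mnt" "$fstype" "$uid"
        fi
    done
)

# Constructed sample input (not taken from the machine in this thread).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw,relatime,errors=remount-ro 0 0
/dev/sdb1 /media/usb vfat rw,nosuid,nodev,noexec,uid=1000,gid=1000,fmask=0022 0 0
/dev/sdc1 /media/music vfat ro,nosuid,nodev,uid=1000,gid=1000 0 0
/dev/sdd1 /media/winxp fuseblk rw,nosuid,nodev,user_id=0,group_id=0 0 0
EOF
}
```

Run it against the live table with `audit_mounts < /proc/mounts`; each line printed is a disk that both operating systems can write to.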

Re: Wine with Virus

Post by grimdestripador »

Do they appear that way - I have never tried - don't have access to a USB disk
Setup is a Dell Inspiron 1200, with 40 GB EIDE and 4 GB USB thumbdrive.
Observe that even my main harddrive is labeled (sda1 - SCSI Device A Partition 1) rather than /dev/hda1 like normal.
----
and btw what does the "Partition 1 has different physical/logical endings: phys=(488, 254, 63) logical=(489, 135, 30)" part mean?

Code:

eagle@tragdor ~ $ sudo fdisk -l


Disk /dev/sda: 40.0 GB, 40007761920 bytes
255 heads, 63 sectors/track, 4864 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x0720071f

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1        4659    37423386   83  Linux
/dev/sda2            4660        4864     1646662+   5  Extended
/dev/sda5            4660        4864     1646631   82  Linux swap / Solaris

Disk /dev/sdb: 4026 MB, 4026531840 bytes
255 heads, 63 sectors/track, 489 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x007e8538

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1   *           1         490     3932128+   c  W95 FAT32 (LBA)
Partition 1 has different physical/logical endings:
     phys=(488, 254, 63) logical=(489, 135, 30)
Husse

Re: Wine with Virus

Post by Husse »

Hmm - made the same mistake as many posting here - was not clear enough
I was thinking of that in your example the USB disk was sda - I would not expect it to be sda
All disks are treated like SATA (SCSI) disks by the disk driver introduced in Daryna (earlier?), so hda is outdated
different physical/logical endings
This is like Chinese to me.... they probably should not have the same ending as the logical is a transformation of the physical