Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Technology

SirCam on Linux via WINE 194

illusion_2K writes "Another monumental step forward for Linux - the SirCam virus now works on Linux via WINE. ("With a few ommissions")" Allright I had to post it. Thats damn funny. We can emulate worms if we want to!
This discussion has been archived. No new comments can be posted.

SirCam on Linux via WINE

Comments Filter:
  • That's excellent!
    Change from a Windows compatability layer to a Windows vulnerability layer.
    Of course it should work...as I recall, Sircam is a virus targeted a MS applications...so anything that can run Windows apps ought to run it, right?
  • I used to use it to uncompress the documents I got sent so I could have a peek at them... It uncompresses itself into 'Recycled'.
  • Heh... (Score:1, Redundant)

    by Sj0 ( 472011 )
    The best part is the if we want to. heh, Don't want to be venerable? close WINE. Almost poetic... :)

    On the other hand...Why run IIS under WINE under linux? :)
    • Re:Heh... (Score:2, Funny)

      by Dwonis ( 52652 )
      Boot time. IIS "reboots" much faster under under WINE than under Windows.
      • The ultimate test: can you run Code Red or Nimda on IIS under Wine on Linux? Then we'll know that Linux is truly "Enterprise-ready".

    • by Sj0 ( 472011 )
      sircam, not code red. OK, then by arguement goes "Why would anybody use Outlook + WINE + linux", because anybody stupid enough to check their e-mail under linux, see the file "I send to you to have your advice", and run it manually under wine deserve every virus on the planet. :)
  • When? (Score:4, Funny)

    by flikx ( 191915 ) on Sunday September 23, 2001 @04:21PM (#2338542) Homepage Journal

    When will I be able to enjoy being infected by outlook viruses under FreeBSD? People will think I'm weird if I don't send along personal documents.

  • Now let's fix it (Score:4, Interesting)

    by GrouchoMarx ( 153170 ) on Sunday September 23, 2001 @04:21PM (#2338543) Homepage
    Cool! Now for a real coup, alter WINE so that it doesn't have all these vulnerabilities. (Should be reasonably straight-forward, just put proper checks in to keep VB scripts from accessing certain parts of the system.) I can see the marketing now: "Runs all Windows programs, except the viruses!" "It's Windows, but safer." "Virii? We don't run no steenkin virii!"
  • Why is this important? What, are we struggling to make Linux as vinerable to viruii as Windows. Why not just start having trivial user programs run as root.

    Seriously... whats up with this?

    I guess the only useful Windows apps are viruii anyway, I just thought I'd ask the question.
    • Seriously... whats up with this?

      Humor. H-U-M-O-R.

      "Haha, Linux has to run Windows viruses under emulation, otherwise it wouldn't have any."
      • Oh, so funny is what you want...

        WINE supporters have finally ported the single most popular Windows application to WINE. It took a lot of work and years of research and determined effort, but it can finally be put to rest. Yes, thanks to the efforts of hackers world-wide, Linux is now capable of running Virus programs designed for Windows.

        :D
        • Up to now...Windows advocates have been complaining that Linux just doesn't have the power of Windows. Listen to this Windows advocate:

          Well, um...like Linux is weak. It don't get those Windows viruses at all. Damn, if it can't do that, why should I be a-using it? My operating system has to be corruptiblable, ya know?

          Now...finally, we have something to show them! That SirCam CAN affect Linux (in emulation mode at least).

          • I don't /care/ what lusers think. In fact, most users should be using whatever does what they need it to do (be it Windows, Linux, BeOS, whatever).

            Quite frankly I am fucking tired of people trying to be the next Microsoft. Redhat, Caldera, Corel, whatever... and it's not even about the money. Look at distributions like Slackware...

            Get it through your heads - there doesn't have to be one cure-all operating system that everyone has to use in order to be 'uber-l33t'.

            Business doesn't give a rats ass about technical specs, as long as the total system is a benefit to the company.

            On another forum, a few minutes ago, someone asked about setting up a small mail server (maybe 20 users or so). The typical smart-ass answer of "install linux with sendmail/postfix/intermail/whatever" came across. The guy said he needed it done ASAP and would rather just do it on NT. Is there anything wrong with doing that? Umm.. no.

            My original point (which has been moderated into oblivion, as I assume this will be too) is that it doesn't make ANY rational sense to be trying to get a MALICIOUS program running on your system.

            Public opinion means jack shit if it doesn't work the way it is supposed to. As long as it works, is reliable, and is (relativly speaking) easy to maintain, who cares what makes it go.

            Yeah, this article reeks of "*hyuck* *hyuck* look what I can do"...

            Bah.
            • by Ungrounded Lightning ( 62228 ) on Sunday September 23, 2001 @06:17PM (#2338853) Journal
              My original point (which has been moderated into oblivion, as I assume this will be too) is that it doesn't make ANY rational sense to be trying to get a MALICIOUS program running on your system.

              It makes perfect sense to me, with a couple of changes of emphasis.

              It makes sense, when writing an emulator/compatability layer, to TEST whether a malicious program will run, for two reasons:

              Discovering whether the emulation is close enough that the emulator is also vulnerable to the malicious software.

              Discovering whether the malicious software fails because it depends on a feature - necessary for some NON-malicious programs - which is not correctly emulated. (A malicious program may use a little-known or undocumented "feature" - perhaps one that's been keeping some popular apps from working correctly.)

              But beyond debugging the emulation there are additional reasons:

              Running the malicious program in the (open-source) emulation environment may provide additional insight into its operation, leading to better defenses, both for the emulation and the original environment.

              It's FUNNY!

              That's four separate reasons that this makes sense.

            • On another forum, a few minutes ago, someone asked about setting up a small mail server (maybe 20 users or so). The typical smart-ass answer of "install linux with sendmail/postfix/intermail/whatever" came across. The guy said he needed it done ASAP and would rather just do it on NT. Is there anything wrong with doing that? Umm.. no.

              Um, yes, there is. The guy who's just setting it up ASAP is going to have myriad security holes to patch out of the box, which may not get patched since he's in such an all-fired hurry, and so doing it the quick and easy way is more likely to lead to more worms deluging the non-quick-and-dirty part of the Internet. If that person would plan ahead by investing a little time in figuring out the best system for his needs, including future expandability, then problems of adding 20 users would be a non-event.

              Using NT is not necessarily a mistake. Using NT because you're in a hurry and think that in the long run it will be a quicker solution usually is a mistake.

              That said, a good avenue to investigate would be one of the afore-mentioned MTAs and a Webmin interface. You can't get much more pointy-and-clicky than that, plus you can download the most recent and secure versions of postfix, qmail, or even sendmail.

    • Ahh, you see this is all part of the Linux World Conspiracy ... we may run the virii, but we are not truly hurt by them ... oh, no! they hurt our Wine root directory! oh, no! all my _Windows_ applications ... BUT, we can now spread the virii to other helpless Window's users (and probably more effeciently ...). Thus, more Window's boxes are brought down. viva la revolution!
  • I posted the wine appdb entry:

    http://appdb.codeweavers.com/appview.php?appId=2 77
    • Why did you put US Gov't as the vendor?

      What have you seen/heard saying they released this virus?
      • Well, it was just supposed to be another humorous part of a humorous appdb entry. If I had known that /. would have picked it up, I might have chosen my words a bit more carefully, but oh well.

        In retrospect, I doubt that any part of the US Gov't would have any possible motive for releasing this one.
    • See what you get when you claim credit for something you did not do. You loose karma ... good for /.

  • by gweihir ( 88907 )
    Finally a virus friendly application for Linux! Long has the possible base of Virii overlooked in geting Linux more acceptance. No more!

  • by gusnz ( 455113 ) on Sunday September 23, 2001 @04:26PM (#2338561) Homepage
    Now, all we need is an Outlook user simulator package that automatically opens executable attachments if it's asked for advice :)
  • Anyone who looks at the part under the headline and whines that "WINE Is Not An Emulator" shall face my fists of fury. Don't push me.
  • by Anonymous Coward
    ...I will kick his or her ass. The proper plural for "virus" is "viruses". "Viri" and "virii" just make you look stupid. Please read this informative article [perl.com] for background information. Thank you.
  • ROFL...Ah, me. Kudos to the poor bastards brave enough to try this. They will have their kernel recompiled in Valhalla.
  • Not Quite (Score:5, Informative)

    by Jerry ( 6400 ) on Sunday September 23, 2001 @04:30PM (#2338577)
    While I noticed that SirCam infected email did fire my Wine program the results were a dud. The effect was that SirCam was exposed but not functional, and I was able to explore it's code without fear. There were no registries to infect, no exchange list to exploit, and the "hidden" trojans were easily seen and removed.

    SirCam it totally harmless on Linux under Wine.
    • Re:Not Quite (Score:2, Interesting)

      by rtaylor ( 70602 )
      Sircam is completely harmless on Windows too -- until you let the users get involved who run the damn thing.
  • Geeze... when will linux users get over Windows software and start wrting worms specifically for their platform... uncreative they are
  • Now all the Microdroids will scream "HA! See?! Linux users can get worms too!"
    • Now all the Microdroids will scream "HA! See?! Linux users can get worms too!"

      You're obviously highly misinformed. At least three Linux worms have been out in the past year, and none of them require Wine to run - just uninformed lusers like yourself leaving boxes unpatched.

      Simon
  • See, linux can run the latest popular software for windows.

    Great job WINE team, keep up the good work.
  • As long as there are bored people in the world, there is hope. Granted, emulating virii isnt exactly helpfull, but if we have enough time and energy to do things like this, stuff that really is helpfull will continue.

    Well, I guess this project was good for a laugh. That always helps. :>

  • "We can emulate worms if we want to!"

    WINE: WINE Is Not an Emulator

    Well, I wouldn't say we can "emulate" worms... Would you?
  • by Puk ( 80503 ) on Sunday September 23, 2001 @05:06PM (#2338689)
    I bet this comes up with every wine post, but according to the name, the sourceforge page [sourceforge.net], and one of the the FAQ [codeweavers.com] answers [codeweavers.com], WINE is not an emulator. Much like GNU is not UNIX. :)

    -Puk

    • It is also well-known as WINdows Emulator.
    • True, true. But stop being so picky!

      Which would you rather say...
      "We can emulate Windows viruses if we want to"
      or
      "We can use a program that implements the Windows API on top of X and UNIX (although GNU is not UNIX, so we're implementing it under GNU/Linux really) to run a Windows based virus"

      Personally I'm willing to sacrifice being 100% accurate and correct in a case like this :)
      • by Puk ( 80503 ) on Monday September 24, 2001 @12:57AM (#2339890)
        Fair enough -- you've got a good point. We should be able to come up with something more concise than that thing, though. :) How about "now Linux can suck as much as Windows" or "now we can run those superior Windows worms"?

        "You have been hit by the UNIX virus! It works on the honor system. Please forward this message to everyone you know and delete a bunch of your files at random."

        Ah, what the hell, it's fine as it is. ;)

        -Puk
  • NOT an emulator!!
  • GPL (Score:2, Funny)

    by Laser Lou ( 230648 )
    That's great. I suppose the next step now is to get the GPL "Virus" to work on Windows.
  • This is a major step forward for Linux/*Nix systems. I personally have known several top Fortune 500 companies who have been hesitant to enter into the *nix world because of legacy systems and software.

    Imagine my enthusiasm when I read this news story. Corporate America will no longer have to languish in the restricted playpen Windows offers, and is free to explore the thrifty, speedy, and, dare I say it, eFective software base that *nix platforms offer.

    I've been waiting for this day ever since I installed Slackware using 3 floppy disks, but found that it had no built in features that support the Anna Kournakova suite. Now, we can live in peace, knowing that WINE can grok Kournikova.

    Rejoice my friends, the golden years for Linux are close at hand.

  • Why is the vendor listed as "??? US Govt"? I've never heard any evidence linking them to SirCam.
  • Great (Score:5, Funny)

    by LazyDawg ( 519783 ) <lazydawg@ h o t m a i l . com> on Sunday September 23, 2001 @05:41PM (#2338783) Homepage
    Now even Linux users can enjoy the benefits of the Microsoft Virus Infection Layer in their otherwise high quality operating system.

    This is a big step for Linux's acceptance as a Desktop operating system. We NEED more clueless newbies out there using Linux and saying "fuckit, I think there's a virus on your/my system. Time to reinstall KDE."

    In a few months even Outlook will be available to Linux/Wine users, so too will be the full Universal Virus Infection suite of tools from Microsoft.

    My only question is, how much longer until we have kernel-level support for VBA and Microsoft Scripting?
    • I wonder.. will this have support for MS's newly announced Enhanced Virii Infection Layer? Or just the plain old VIL?
      • No, no, it should be "Visual Active Virus XP" by now, shouldn't it? Unfortunately, that doesn't make as nice of an acronym...

  • Sue them? (Score:4, Funny)

    by aozilla ( 133143 ) on Sunday September 23, 2001 @05:59PM (#2338824) Homepage
    I just wonder, all those people who advocate suing Microsoft for the SirCam virus, should we now sue the makers of WINE as well?
  • nice, but not very impressive, you wanna wow me, port/emulate MS IIS server onto linux and lets get come code red and nimda (?) network action going!
    Being invulnerable to these virii has gone on long enough and has made the linux community soft and lazy, may we all live in interesting times...


  • It just wouldn't be right to include a classic like SirCam without making sure that newcomers like Nimda and Code Red can infect IIS on WINE on Linux!

  • whether WINE will run viruses little bits of malicious code or Notepad.exe. The question is when will it run useful desktop applications at 100% functionailty.
    In the next couple of years, WINE will have to become as stable or better running win32 apps to entice people to use it, along with their old Office versions, instead of rolling over for the FINAL SOLUTION: the .NET mass internment of user's data.
  • Done that.. (Score:4, Informative)

    by sakusha ( 441986 ) on Sunday September 23, 2001 @06:42PM (#2338939)
    This has been a known problem for years amongst Mac emulator users. Virtual PC and other emus are suceptible to viruses just like on a native PC. I just run standard PC antivirus tools.

    One of the advantages of using Mac PC emulation, I can just make a backup copy of my PC volume, save that state, if I have a Windows problem I just ditch the corrupted volume and use the backup.
    • That's cool, but what you describe sounds like making a disk image, which can also be done natively on Windows boxes. The tool I know is Norton Ghost. And of course, there's always Gnu dd. . .
    • PC users can also use VMWare or VirtualPC to emulate a PC. But I don't think everybody should go that far, because we cannot have games or fun stuff inside a virtual machine. Or better, there are hardware solutions ("PCI restore cards") that allow you to rollback to the state before virus infections, but it slows down the IDE channel and there are compatibilities problems with busmastering or certain 40+GB hard disks.
  • It loads [win2k AOL 6] but it doesn't connect:
    See Here for details of my attempts [dualsky.co.uk]

    I know i havn't updated the page in weeks I have had more pressing matters
    • It loads [win2k AOL 6] but it doesn't connect.

      Well, I guess that's the next virus WINE developers need to work on. It is, after all, the most popular Windows virus.

      • [Melissa] You go girl, that AOL chick is way to populeeeer

        [Nimida] Right on sister she has had over 20 mil users

        [Melissa] What to do think IloveYOU?

        [ILY] She is l4m3r than that kornukova girl!

        I probably should try VMware or that other on LinWin? Silly parents not having cable...
    • Out of curiosity, did you try using the AOL setup stuff. I don't know much at all about AOL anymore(other than I avoid it like the plague, but I have a few Brit friends on ICQ that have the same story as you for using it), I haven't used it since the days of beating up my Dad's old 486 with a 14.4 modem under Win3.1... Anyway, If I remember right, you can tell it COM#'s. What if you try telling it COM2 (/dev/ttyS1) or where ever your modem is.

      Here's a small part of my ~/.wine/config:
      ~~~~~~~~~~~~~~
      [serialports]
      "Com1" = "/dev/ttyS0"
      "Com2" = "/dev/ttyS1"
      "Com3" = "/dev/ttyS2"
      "Com4" = "/dev/modem"
      ~~~~~~~~~~~~~~


      So I suspect that if you tell AOL to use a specific "COM Port", it *should* (in theory, of course) work.
      Try it, see what happens.
  • Why emulate when Linux already has such a wide selection to choose from?

    * L10n

    * Adore

    * Ramen

    * Sadmind

    * Cheese

    They'll run faster and fully featured natively.
    • WTF is with this? You guys r seriously as bad as you see Microsoft if u mode this guy to flamebait... He's making a valid point. I didn't presume his tone was anywhere near half as cynical and sarcastic as other posters. I'm as open-minded as the next guy when it comes to both platforms and sure MS has its problems but Linux is far from freakin' perfect (although it is pretty darn good).. accept it.. improve it and then make those claims about omnipotent operating systems. Until then be reasonable and clear headed.. oh this is slashdot.. go ahead mod me and flame me.. my karma's at zero - what do i care??
    • Moderation Totals: Flamebait=1, Total=1.

      WHAT? I point out that, unlike the story seems to incorrectly imply, worms can and do infect Linux systems, and I get modded down as flamebait? . I have five PCs at home and four of them run Linux, and I'm at work sitting on a Linux machine right now.

      Just because I don't believe that any OS is perfect, including Linux, I get labelled as flamebait? The stories implication that worms don't affect Linux systems is what's flamebait, and demonstrably false.
    • And Windows has thousands more than that.
    • * Sadmind

      Except that Sadmind is a solaris / NT worm, not a Linux worm. Please study the facts before posting.

      sadmind/IIS details [attrition.org]

  • Emulating bugs (Score:4, Interesting)

    by os2fan ( 254461 ) on Sunday September 23, 2001 @07:11PM (#2339043) Homepage
    One of the things about Win-OS/2 was that it was bug for bug compatible with Windows, even down to emulating the 3.11-3.10=0.00 bug in the calculator.

    The sad thing about Windows bugs is that you don't need to go to the back door to do damage. There's enough to be seen to do it through the front door now.

    Maybe SirCam did not work because when the damage was passed down to the underlying OS, Linux did not want to play ball: and isn't that WHY we run emulators.... :)

  • To all you sanctimonious Linux users who used to sneer at "dumb windows users" who allow virii into their systems, I have this to say:

    Pfffffffffffffffffftttttttttttttttttt!

  • Well you had been warned.

    You have just received a low tech virus via http.

    Since we're not so technologically advanced in Linux this is a MANUAL virus.

    Please delete all files on your hard disk yourself and forward this in e-mail to everyone you know.

    That'd be grand.

    Thanx

    Paddy O'Hacker

  • by zyqqh ( 137965 ) on Sunday September 23, 2001 @08:33PM (#2339283)
    here's my form letter for replying to addresses i get sircam clones from:

    +++
    Subject: advice

    Hi! How are you?

    I send you this advice in order to not have your files

    See you later. Thanks
    +++
    Attachment (named advice.txt.bat):

    @echo off

    echo Your computer is infected with the "sircam" virus, and has been
    echo repeatedly emailing addresses on hkn.eecs.berkeley.edu
    echo with large attachments. Please clean up the virus ASAP.
    echo You can find more information on how to do this at:
    echo http://www.sarc.com/avcenter/venc/data/w32.sircam. worm@mm.html

    :Loop
    goto Loop
  • by dsplat ( 73054 ) on Sunday September 23, 2001 @09:13PM (#2339374)
    I can't believe that no one has posted a reference to the Jargon File [tuxedo.org] entry for the bug-compatibility [tuxedo.org] standard that WINE has now met:

    bug-compatible adj.


    [common] Said of a design or revision that has been badly compromised by a requirement to be compatible with fossil [tuxedo.org] s or misfeature [tuxedo.org] s in other programs or (esp.) previous releases of itself. "MS-DOS 2.0 used \ as a path separator to be bug-compatible with some cretin's choice of / as an option character in 1.0."


  • "so good, it can emulate windows worms flawlessly"

    I don't know if I should be impressed or flabbergasted :p.
  • I think we can agree that most Linux users are "intelligent" computer users, ones who like to get the most out of their computers, and ones who have extensive experience using those computers and various applications (under whatever OS).

    Can we therefore also agree that Linux users practice more intelligent computing, and if there was a Linux virus that went around hosing installs, most Linux users would not get it because at the least they would know to not open any old attachment and run it?

    Granted, many people don't know how to (or that they should) secure their systems, and some even login routinely as root. (!)

    But are Linux users less prone to email-born worms/viruses?

    I would argue that they are. Personally, I do not run virus scanning software at all. Not on my Mac (haven't for years and years), not on my Linux box, and not on my Windows 2000 Pro machines. Instead, I practice safe computing.

    On Windows, that involves disabling VB scripting, locking down various portions of Outlook and IE, and installing the latest patches (SR1/2 for Office, IE updates, etc).

    I'm not the "average" user but I think that most tech-heads can do this (and therefore Linux guys and gals).
    • The problem isn't just that windows users are dumb. The problem is that both windows users and windows are dumb. People doing default installs and installing the default patch kits for windows are getting hit with months-old bugs. Microsoft has, by hook or crook, made it non-intuitive for people to get a reasonably secure system set up. Many seem to end up accidently enabling an unpatched IIS that they don't even know is there to be patched.

      When I set up Redhat 7.1, on the other hand, the 'medium' security setup was so secure, that I had to do some work to enable sendmail and the web packets through ipchains. I think that this is a far better result for unknowledgable users than the microsoft "just bend over and relax.. nothing's going to happen" attitude

      As for people who routinely login as root, they at least have to know enough (on redhat) to turn of the 'annoying' warning about logging in as root. This is kinda like the navy pilot who thought "It'd be a lot easier to land if the turned of the wave off lights" (needless to say, he lost his wings).

      A well designed system can do only so much about a dumb user, but we should at least ask for a well designed system.

  • An interesting question could be can WINE be used to study virus like SirCam with a mimizing risk to the computer since its a "virtual" installation? Loosing one of your WINE installations can't nearly be as bad as loosing a real install. If the process goes run away it should be easy to kill it, erase the setup and reinstall.
  • 'nuff said
  • I ran a worm that was going round about a year ago. It displayed the pretty fireworks just fine, but didn't seem to 'infect' anything (unsurprising, since my Wine C:\ drive was empty and I didn't give Wine access to anywhere else). I don't know whether it could successfully send stuff across the network - I unplugged the Ethernet jack first :-).

The clash of ideas is the sound of freedom.

Working...