Re: Linux infected ?
Ralph Jenkin ralph.jen...@empoweredcomms.com.au wrote:

> Am I the only one thinking; Wine can actually manage to get infected by malware now? Cool.

I've seen a fair number of discussions about this on usenet, so it's not new, no.

Chris

--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Linux infected ?
Please keep replies on the list.

Rodrigo Hashimoto wrote:

> Hi Eduardo,
>
> Yes, as I was afraid about this I removed everything under wine in ~/.wine. Do you think this is a security risk for my Debian OS ?

I'd say the risk is very low. Most malware today doesn't even bother to infect other windows files (they rely on the fake e-mails like the one you clicked to spread) and also don't care much about the files you have (even on Windows).

--
We don't know one millionth of one percent about anything.

Eduardo M KALINOWSKI
edua...@kalinowski.com.br
http://move.to/hpkb
Re: Linux infected ?
Eduardo M KALINOWSKI-4 wrote:

> Please keep replies on the list.
>
> Rodrigo Hashimoto wrote:
>
> I'd say the risk is very low. Most malware today doesn't even bother to infect other windows files (they rely on the fake e-mails like the one you clicked to spread) and also don't care much about the files you have (even on Windows).
>
> --
> We don't know one millionth of one percent about anything.
>
> Eduardo M KALINOWSKI
> edua...@kalinowski.com.br
> http://move.to/hpkb

I usually like testing Windows viruses and trojans in the Wine environment, and as far as I've found, the effects triggered by a trojan or virus can only operate within the execution of the program you have called with wine. What I want to say is that there is no Windows environment where the malware can work, so the actions this malware can do are limited to the execution of the program in which it is launched. For example, a virus that attacks through IE can never open another Windows application, simply because the malware is prepared to open a Windows app, not an instance of wine for a Windows app.

Just another thing: in the same way that some Windows software doesn't run on Wine, most viruses don't either.

I've thought of some bad things, but I prefer not to tell them.

Sorry for my poor English

--
Sergio Fernandez
titope...@proyectopqmc.com
http://www.proyectopqmc.com (Welcome to the PQMC Project)
http://counter.li.org/cgi-bin/certificate.cgi/472448
Re: Linux infected ?
2009/1/30 Tito Pelon titope...@proyectopqmc.com:

> Eduardo M KALINOWSKI-4 wrote:
>
>> Please keep replies on the list.
>>
>> Rodrigo Hashimoto wrote:
>>
>> I'd say the risk is very low. Most malware today doesn't even bother to infect other windows files (they rely on the fake e-mails like the one you clicked to spread) and also don't care much about the files you have

Hi,

For about 2 years I was collecting trojans/worms and stuff like this from my email server (amavis + clamav filtering such shit to a separate folder). When I tried to run 90% of those programs, a very funny thing happened, like you must run win32 environment in order to run this program ;)

regards

--
Wojciech Ziniewicz
Unix SEX :{look;gawk;find;sed;talk;grep;touch;finger;find;flex;unzip;head;tail; mount;workbone;fsck;yes;gasp;fsck;more;yes;yes;eject;umount;makeclean; zip;split;done;exit:xargs!!;)}
Linux infected ?
Hi,

I received a file via e-mail and tried to open it, then the iceweasel did nothing. I tried again and I realized the iceweasel was trying to use the wine to open a file .com. Then I ran the command file and I realized this is a kind of virus for Windows and not Linux.

This is a security risk to my debian lenny ?

Thanks

--
Rodrigo Hashimoto

...To be happy is not to have a perfect life, without pain and without tears, but to know how to use the tears to water hope and the joy of living...
...To be happy is to be like the root of the tree, which spends its whole life hidden in order to sustain it. To be happy is not to let sadness erase your smile; it is not to allow resentment to eliminate forgiveness; disappointments to eliminate trust; failure to overcome the desire for victory; mistakes to overcome successes; ingratitude to make you stop helping; old age to eliminate the spirit of youth in you; lies to smother the truth...
...To be happy is not to need to keep justifying yourself, for friends do not need explanations and enemies do not believe them...
...To be happy is to love God and your neighbor...
- (Prof. Felipe Aquino)
Re: Linux infected ?
Rodrigo Hashimoto wrote:

> Hi,
>
> I received a file via e-mail and tried to open it, then the iceweasel did nothing. I tried again and I realized the iceweasel was trying to use the wine to open a file .com. Then I ran the command file and I realized this is a kind of virus for Windows and not Linux.
>
> This is a security risk to my debian lenny ?

It may attempt to infect the other programs you installed with wine. It shouldn't be able to modify any of your Linux programs that you have installed, since only root can do that (you're not running iceweasel/icedove as root, are you?).

Try scanning your .wine directory like this:

$ clamscan -ri ~/.wine

Best regards,
--Edwin
Re: Linux infected ?
Rodrigo Hashimoto wrote:

> Hi,
>
> I received a file via e-mail and tried to open it, then the iceweasel did nothing. I tried again and I realized the iceweasel was trying to use the wine to open a file .com. Then I ran the command file and I realized this is a kind of virus for Windows and not Linux.
>
> This is a security risk to my debian lenny ?

Even if it was a virus, the most it can do is affect your Wine files of the pseudo-Windows installation. Even so, I'm not sure it will be much effective. Even if it wrote to the registry an entry to start-up automatically, I'm not sure Wine honors this.

If you are in doubt, just wipe your wine files (I think they are in ~/.wine, but I haven't used Wine in years) and start again.

--
Eduardo M KALINOWSKI
edua...@kalinowski.com.br
http://move.to/hpkb
Re: Linux infected ?
On Thu, Jan 29, 2009 at 09:04:46AM -0200, Eduardo M KALINOWSKI wrote:

> Rodrigo Hashimoto wrote:
>
>> Hi,
>>
>> I received a file via e-mail and tried to open it, then the iceweasel did nothing. I tried again and I realized the iceweasel was trying to use the wine to open a file .com. Then I ran the command file and I realized this is a kind of virus for Windows and not Linux.
>>
>> This is a security risk to my debian lenny ?
>
> Even if it was a virus, the most it can do is affect your Wine files of the pseudo-Windows installation. Even so, I'm not sure it will be much effective. Even if it wrote to the registry an entry to start-up automatically, I'm not sure Wine honors this.
>
> If you are in doubt, just wipe your wine files (I think they are in ~/.wine, but I haven't used Wine in years) and start again.
>
> --
> Eduardo M KALINOWSKI
> edua...@kalinowski.com.br
> http://move.to/hpkb

If you do this, please make sure that there aren't any wine-processes running on the system. Those might still be effective.

---
Henri Salo
Re: Linux infected ?
On Thu, Jan 29, 2009 at 09:04:46AM -0200, Eduardo M KALINOWSKI wrote:

> Rodrigo Hashimoto wrote:
>
>> Hi,
>>
>> I received a file via e-mail and tried to open it, then the iceweasel did nothing. I tried again and I realized the iceweasel was trying to use the wine to open a file .com. Then I ran the command file and I realized this is a kind of virus for Windows and not Linux.
>>
>> This is a security risk to my debian lenny ?
>
> Even if it was a virus, the most it can do is affect your Wine files of the pseudo-Windows installation. Even so, I'm not sure it will be much

Uhmm you are aware that you can mount $HOME in Wine, right? ISTR it even does this by default.

-- John

> effective. Even if it wrote to the registry an entry to start-up automatically, I'm not sure Wine honors this.
>
> If you are in doubt, just wipe your wine files (I think they are in ~/.wine, but I haven't used Wine in years) and start again.
>
> --
> Eduardo M KALINOWSKI
> edua...@kalinowski.com.br
> http://move.to/hpkb
Re: Linux infected ?
It still has the same permissions as any other process by that user. There are a few viruses that can infect elf binaries when running from a windows host, so it's not all that isolated based on execution platform.

On Jan 29, 2009 4:00 AM, Török Edwin edwinto...@gmail.com wrote:

> Rodrigo Hashimoto wrote:
>
>> Hi, I received a file via e-mail and tried to open it, then the icewe...
>
> It may attempt to infect the other programs you installed with wine. It shouldn't be able to modify any of your Linux programs that you have installed, since only root can do that (you're not running iceweasel/icedove as root, are you?).
>
> Try scanning your .wine directory like this:
>
> $ clamscan -ri ~/.wine
>
> Best regards,
> --Edwin
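The two points raised above, that Wine maps host directories into the prefix and that a program under Wine runs with the user's own permissions, can be checked on a given prefix. The following is an added example, not part of the original thread: a hypothetical `wine_prefix_escapes` function that lists every symlink in a Wine prefix (for instance the drive letters under `dosdevices/`) that resolves outside the prefix, and whether the current user can write to the target. It assumes a `readlink` that supports `-f`, as on Debian.

```sh
#!/bin/sh
# Added example (not from the thread). wine_prefix_escapes is a hypothetical
# helper name. It prints one line per symlink that leaves the Wine prefix:
#   <link relative to prefix> TAB <resolved host path> TAB writable|read-only
# Every line is a host path that a Windows program started under Wine can
# reach with the permissions of the user who ran it.
# Usage: wine_prefix_escapes ~/.wine

wine_prefix_escapes() {
    prefix=${1:-${WINEPREFIX:-$HOME/.wine}}
    real=$(readlink -f -- "$prefix") || return 2
    [ -d "$real" ] || return 2

    # find hands the symlinks to a small inline script, so file names with
    # spaces or newlines are passed through intact.
    find "$real" -type l -exec sh -c '
        real=$1; shift
        for link in "$@"; do
            target=$(readlink -f -- "$link") || continue
            case $target in
                "$real"|"$real"/*) continue ;;   # stays inside the prefix
            esac
            if [ -w "$target" ]; then mode=writable; else mode=read-only; fi
            printf "%s\t%s\t%s\n" "${link#"$real"/}" "$target" "$mode"
        done
    ' sh "$real" {} +
}
```

On a stock prefix the `dosdevices/z:` link normally points at `/`, so the output shows directly that wiping `~/.wine` does not cover everything the program could have touched.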
Re: Linux infected ?
Hi Henri,

In fact I received this file from a friend, and when I saw the attached file it sounded like an html file, that's why I tried to use the iceweasel. In the first attempt the iceweasel didn't respond, then I tried again and I realized the iceweasel was trying to use the wine. Then I realized with the command file it is a binary file for Windows machines, look:

$ file curriculo762.com
curriculo762.com: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
$

Thanks for your help.

On Thu, Jan 29, 2009 at 8:59 AM, Henri Salo fg...@hack.fi wrote:

> On Thu, Jan 29, 2009 at 08:38:06AM -0200, Rodrigo Hashimoto wrote:
>
>> Hi,
>>
>> I received a file via e-mail and tried to open it, then the iceweasel did nothing. I tried again and I realized the iceweasel was trying to use the wine to open a file .com. Then I ran the command file and I realized this is a kind of virus for Windows and not Linux.
>>
>> This is a security risk to my debian lenny ?
>>
>> --
>> Rodrigo Hashimoto
>
> First of all, why did you open a file, which you obviously don't trust? This is a very serious error. Same thing considers emails from unknown senders. I believe that isn't a security risk for you, but next time don't click those viruses. If you want to know what kind of malware it was use for example:
>
> http://anubis.iseclab.org/
> http://virusscan.jotti.org/
>
> Maybe your client is configured to open win32 binaries in wine, which in my opinion isn't a very smart thing to do, because of these cases.
>
> ---
> Henri Salo

--
Rodrigo Hashimoto
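The `file` check in the message above works because the file's header, not its `.com` name, says what it is. As an added example that is not part of the original thread, the hypothetical `header_kind` function below makes the same decision from the header bytes alone: the `MZ` magic, the little-endian `e_lfanew` field at offset 60, and the `PE\0\0` signature it points to.

```sh
#!/bin/sh
# Added example (not from the thread). bytes_at and header_kind are
# hypothetical helper names. The decision uses only the file's header
# bytes, never its name or extension.

# bytes_at FILE OFFSET COUNT -> the bytes as decimal numbers
bytes_at() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -v -tu1
}

# header_kind FILE -> prints pe | dos-mz | other; returns 2 if unreadable
header_kind() {
    f=$1
    [ -f "$f" ] && [ -r "$f" ] || return 2

    # DOS and Windows executables start with the two bytes "MZ" (77 90).
    set -- $(bytes_at "$f" 0 2)
    if [ "$#" -ne 2 ] || [ "$1" -ne 77 ] || [ "$2" -ne 90 ]; then
        echo other
        return 0
    fi

    # Offset 60 (0x3c) holds e_lfanew, the little-endian file offset of
    # the PE header. A file too short to contain it is a plain DOS stub.
    set -- $(bytes_at "$f" 60 4)
    [ "$#" -eq 4 ] || { echo dos-mz; return 0; }
    off=$(( $1 + $2 * 256 + $3 * 65536 + $4 * 16777216 ))

    # A PE image carries the signature "PE\0\0" (80 69 0 0) at that offset.
    set -- $(bytes_at "$f" "$off" 4)
    if [ "$#" -eq 4 ] && [ "$1 $2 $3 $4" = "80 69 0 0" ]; then
        echo pe
    else
        echo dos-mz
    fi
}
```

A mail filter or a download handler can use a check of this kind to refuse to pass anything that reports `pe` or `dos-mz` to Wine, whatever the attachment is called.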
Re: Linux infected ?
2009/1/29 Rodrigo Hashimoto rodh...@gmail.com

> In the first attempt the iceweasel didn't respond, then I tried again and I realized the iceweasel was trying to use the wine.

I never let weasels drink alcohol ;-)

Seriously, though, I hope you get to the bottom of this. I've long wondered about cross-platform security risks like this, though I'm afraid I'm not knowledgeable enough about them to help out in your case.
Re: Linux infected ?
Quoting Sam Kuper (sam.ku...@uclmail.net):

> 2009/1/29 Rodrigo Hashimoto rodh...@gmail.com
>
>> In the first attempt the iceweasel didn't respond, then I tried again and I realized the iceweasel was trying to use the wine.
>
> I never let weasels drink alcohol ;-)
>
> Seriously, though, I hope you get to the bottom of this. I've long wondered about cross-platform security risks like this, though I'm afraid I'm not knowledgeable enough about them to help out in your case.

Matt Moen (no relation, but a friend) has done ground-breaking research/comedy -- yes, it really was both at the same time -- on this subject:

http://www.linux.com/articles/42031

--
Cheers,
Rick Moen
r...@linuxmafia.com
McQ! (4x80)

Crypto lets someone say "Hi! I absolutely definitely have a name somewhat like the name of a large familiar organization, and I'd like to steal your data!" and lots of users will say "OK, fine, whatever." -- John Levine
Re: Linux infected ?
On Thursday 29 January 2009 14:31:33 Scott Edwards wrote:

> It still has the same permissions as any other process by that user. There are a few viruses that can infect elf binaries when running from a windows host, so it's not all that isolated based on execution platform.

Out of curiosity, what do you mean by 'infecting' ? Modifying an elf binary file ? Could you please explain it better ? If so, shouldn't the file permissions avoid it (the infection) ?
Re: Linux infected ?
On Thu, Jan 29, 2009 at 09:31:33AM -0700, Scott Edwards wrote:

> Try scanning your .wine directory like this:
>
> $ clamscan -ri ~/.wine

An interesting idea (a recipe for Debian):

http://www.burghardt.pl/2007/11/wine-with-on-access-clamav-scanning/
Re: Linux infected ?
Am I the only one thinking; Wine can actually manage to get infected by malware now? Cool.

Props to those guys for their hard work implementing the Win32 API so completely. Last time I tried testing that (in a quarantined sandbox) it was an insta-crash. That was a few years ago, admittedly.

Mind you, it's because of users like this that I run ClamAV on all incoming email. Haven't had to berate anyone for trying to open something like britney.zip or in this case something that ends in .com because it sounds like it's probably a website for years. Props to the ClamAV guys too.

On Thursday January 29 2009, Rodrigo Hashimoto wrote:

> Hi,
>
> I received a file via e-mail and tried to open it, then the iceweasel did nothing. I tried again and I realized the iceweasel was trying to use the wine to open a file .com. Then I ran the command file and I realized this is a kind of virus for Windows and not Linux.
>
> This is a security risk to my debian lenny ?
>
> Thanks
Re: Linux infected ?
On Thu, 29 Jan 2009 11:52:59 -0800 Rick Moen r...@linuxmafia.com wrote:

> ...
>
> Matt Moen (no relation, but a friend) has done ground-breaking research/comedy -- yes, it really was both at the same time -- on this subject:
>
> http://www.linux.com/articles/42031

ROtFL! His writeup is utterly hilarious.

Celejar

--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator