• On TechRepublic: 10 cool USB flash drive tricks
April 10, 2008 1:34 PM PDT

Spyware Horror Story: Toxic Wine

by Jessica Dolcourt

Got your own spyware horror story? Share it with us.

Spyware Horror Story

Submitted by Chris, U.S.A

I was--and still am--running UbuntuStudio 7.10. Now, even though this is Ubuntu, I can run Windows programs with Wine.

My friend's brother was playing on my computer and got into my e-mail. He opened up the Elvis e-mail, which contains a virus. I found out later that the virus got into Wine. Not too much later after the contamination, I started running Microsoft Office, when Ubuntu came up with an error. Firefox randomly crashed. Then Wine started running Notepad instead of the application I wanted.

I used Ubuntu's virus scanner and it found one virus in the Wine folder, one virus in the Apt folder, and one in the Root folder. It, unlike Norton, deleted all three without any problem. Now I have a special program, BlueProximity, that locks the computer whenever my Palm Treo, bluetooth phone, or bluetooth censor, enters or leaves the computer's range. I also have my computer auto-lock itself. I was able to recover some files on the Virutal C:\ drive, but most were lost to the virus.

Editor's response

We're not exactly sure what Chris means by the "Elvis virus," (the first four pages of Google search results list it as the condition by which "your computer gets fat, slow and lazy, and then self-destructs, only to resurface at shopping malls and service stations across rural America,") but we're certain Chris' friend's brother shouldn't have been poking around Chris' in-box. Why was he tampering with Chris' e-mail anyway? His first problem is a rude house guest.

Incidentally, why was there a link to a live virus stewing in said e-mail message? Before pointing a finger at any antivirus program, Chris should consider implementing a guest account to keep bratty brothers in check, and ramping up the spam filters in his e-mail. If constant spam makes the current account unwieldy, it's easy enough to start fresh with a new account.

I dove into some Ubuntu forums to get a better understanding of the extent to which a virus can infect a Linux box running Wine, the Windows-like environment. There were differing opinions, experiences, suppositions, and authorities, but from the multitude of propositions there was this silver thread: that some malware can indeed infect Wine, including manifesting in the crashes Chris described. The majority of infections, however, will not be able to spread into the Linux operating system. That is, unless you're running Wine as root. According to the Wine wiki, this will throw open the gateway for viruses to access your computer, and if Chris found a virus file in the root folder, there's a good chance that's what happened.

To purge the virus, try killing your Wine processes, delete the contents of the ~/.wine directory, and when you re-start, make certain it's in regular mode, and not as root (or sudo.) If nothing rights itself immediately, try rebooting; and if you still have the heebie-jeebies, you can always run a firewall.

Got your own spyware horror story? Share it with us.

Jessica Dolcourt reviews the latest and greatest smartphone apps, in addition to a healthy dose of Windows software. E-mail Jessica and follow her on Twitter.
Topics:

Security and spyware

Tags:

Spyware Horror Story,

malware,

virus,

spyware,

antivirus,

Wine,

Linux,

Ubuntu

Share:
Digg
Del.icio.us
Reddit
Recent posts from The Download Blog
Official NASA app and a hovercraft racing game: iPhone apps of the week
Popular iPhone movie app flops on BlackBerry
Must-have utilities for your Windows toolkit
Opera Mobile 10 beta browser: First Look video
Doom, Command & Conquer revived for iPhone
Mozilla's e-mail group looks toward the cloud
Seven essential free software apps for a new PC
Near-final Thunderbird 3 due next week
Add a Comment (Log in or register) (8 Comments)
  • prev
  • 1
  • next
by chettyharish April 11, 2008 1:47 AM PDT
woo didn't know it could get that bad lol
Reply to this comment
by Igiveup2 April 11, 2008 8:22 AM PDT
Can't we have at least ONE thread on cnet that doesn't degenerate into this sort of idiocy?
by Igiveup2 April 11, 2008 8:21 AM PDT
"The majority of infections, however, will not be able to spread into the Linux operating system. That is, unless you're not running Wine as root."

Wouldn't running Wine as root, instead of not running Wine as root, facilitate the spread of the virus into the OS? Does the statement reflect Dolcourt's intentions?
Reply to this comment
by hawkeyeaz1 April 11, 2008 1:34 PM PDT
Either the virus has improved (if it is copying to the root directory, there is some improvement), or wine has (not unlikely--they are doing an excellent job given the constraints). It wasn't 2 years ago when there was an article about a guy who tried to install several major viri in wine and failed.
Reply to this comment
by alegr April 12, 2008 9:14 AM PDT
O no! If a moron works in Windows as Admin, runs all kinds of infected attachments he gets in mail, it's unsecure Windows!. If a moron works as root in Ubuntu, runs Wine and runs infected attachments, it's just because he's a moron and deserves that! Linux is secure, Windows is not, everyone knows that! Or not.
Reply to this comment
by MEE-S31 April 12, 2008 4:46 PM PDT
OK we have a guy running Ubuntu. Now Ubuntu doesn't let you login as root by default but it does let you sudo and a lot of people set up their ubuntu to not have a password on the main account (why, cause they are lazy) and so with no password on the account sudu can be used without a password and i suspect that this is how the user got the files in root.
Ubuntu is great but it makes it too easy for people to set up their systems to be insecure.
No matter how much sedurity we put into our software people will find ways to get around it because more security means more effort and that is not what people want. They want their computers to run fast, with nothing to slow them down and they want to only have to worry about what they want to do. They don't worry about viruses because they don't want to.
The problem we have as more advanced users and programmers is to make the computers safe but so that users can truely forget about any security problems.
Until then people will still get shot in the foot when they go on the net.
Reply to this comment
by nikhilnaidu April 12, 2008 11:42 PM PDT
I am also using Ubuntu and have win Xp prof as well. It is on dual boot and i dont use wine. One good way to protect your data is to store it in partitions other than C (for win) and home(Linux). That way, even if you format your drive it is not a problem. Ubuntu is inherently very secure. use ClamAV the antivirus for linux (it does a pretty neat job of things) and activate the inbuilt firewalll in Ubuntu.
Also please have multiple accounts ( have made that mistake in the past, please refer to an earlier story about what happened to me when my cousins used the PC to play games). ***Never mess with the sudo on linux, unless you are into coding and designing. It is not for the amateur.
Reply to this comment
by aragorns9 April 21, 2008 6:42 PM PDT
well it is a lot easier to get virus's in windows then linux
and not just because no one writes virus's for linux but because linux is more secure
have you ever used linux????
Reply to this comment
(8 Comments)
  • prev
  • 1
  • next

Search Download Blog posts

About The Download Blog

Download.com editors cover the world of downloadable software and beyond.

Add this feed to your online news reader

The Download Blog topics

download
Site map
Help center
Our software policies
Newsletters
Submit software
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET