Spyware Horror Story: Toxic Wine

If the application Wine is known for protecting Linux computers from viruses in the Windows programs it runs, how did Chris get hit with malware? It's also curious how he got a virus in the first place.

Submitted by Chris, U.S.A

I was--and still am--running UbuntuStudio 7.10. Now, even though this is Ubuntu, I can run Windows programs with Wine.

My friend's brother was playing on my computer and got into my e-mail. He opened up the Elvis e-mail, which contains a virus. I found out later that the virus got into Wine. Not too much later after the contamination, I started running Microsoft Office, when Ubuntu came up with an error. Firefox randomly crashed. Then Wine started running Notepad instead of the application I wanted.

I used Ubuntu's virus scanner and it found one virus in the Wine folder, one virus in the Apt folder, and one in the Root folder. It, unlike Norton, deleted all three without any problem. Now I have a special program, BlueProximity, that locks the computer whenever my Palm Treo, bluetooth phone, or bluetooth censor, enters or leaves the computer's range. I also have my computer auto-lock itself. I was able to recover some files on the Virutal C:\ drive, but most were lost to the virus.

Editor's response

We're not exactly sure what Chris means by the "Elvis virus," (the first four pages of Google search results list it as the condition by which "your computer gets fat, slow and lazy, and then self-destructs, only to resurface at shopping malls and service stations across rural America,") but we're certain Chris' friend's brother shouldn't have been poking around Chris' in-box. Why was he tampering with Chris' e-mail anyway? His first problem is a rude house guest.

Incidentally, why was there a link to a live virus stewing in said e-mail message? Before pointing a finger at any antivirus program, Chris should consider implementing a guest account to keep bratty brothers in check, and ramping up the spam filters in his e-mail. If constant spam makes the current account unwieldy, it's easy enough to start fresh with a new account.

I dove into some Ubuntu forums to get a better understanding of the extent to which a virus can infect a Linux box running Wine, the Windows-like environment. There were differing opinions, experiences, suppositions, and authorities, but from the multitude of propositions there was this silver thread: that some malware can indeed infect Wine, including manifesting in the crashes Chris described. The majority of infections, however, will not be able to spread into the Linux operating system. That is, unless you're running Wine as root. According to the Wine wiki, this will throw open the gateway for viruses to access your computer, and if Chris found a virus file in the root folder, there's a good chance that's what happened.

To purge the virus, try killing your Wine processes, delete the contents of the ~/.wine directory, and when you re-start, make certain it's in regular mode, and not as root (or sudo.) If nothing rights itself immediately, try rebooting; and if you still have the heebie-jeebies, you can always run a firewall.

CNET Top 5
Companies Apple could buy with their billions
Apple's sitting on a massive pile of cash. Here are five interesting ways they could spend it.
Play Video
 

Member Comments