LinuxQuestions.org
Old 01-29-2004, 04:48 AM   #16
natalinasmpf
Member
 
Registered: Dec 2003
Distribution: Slackware 9.1
Posts: 309

Rep: Reputation: 30

Quote:
Originally posted by Chinaman
I opened it with Ark in a /tmp subdirectory when the first document.zip made it to my Inbox. Then looked at the document.exe file. If I am correct, it can't do anything to a Linux box because this is what it does...

I'm no Linux expert, but if I'm correct, this particular worm can't do anything to a Linux system. Is this correct?

There's one thing I feel like shouting:

WINE WINE WINE!

Oh send me the executable.
 
Old 01-29-2004, 10:00 AM   #17
williamwbishop
Member
 
Registered: Feb 2003
Location: god's judge
Posts: 376

Rep: Reputation: 30
Yes, it won't run under Linux, but I also run Windows... and AIX, and Solaris, and Windows CE... you get the picture. I can dedicate a box to a good cause for a few days...
 
Old 01-29-2004, 10:47 AM   #18
Bruce Hill
HCL Maintainer
 
Registered: Jun 2003
Location: McCalla, AL, USA
Distribution: Gentoo (all servers at work are openSUSE)
Posts: 6,938

Rep: Reputation: 128Reputation: 128
Quote:
Originally posted by natalinasmpf
There's one thing I feel like shouting:

WINE WINE WINE!

Oh send me the executable.
It's been removed from my comp, even out of /tmp, so I can't help in your quest. It won't actually do anything
in a Linux box anyway. Read the details in my post about 5 back, and post back when you understand why...
Quote:
Originally posted by williamwbishop
Yes, it won't run under Linux, but I also run Windows... and AIX, and Solaris, and Windows CE... you get the picture. I can dedicate a box to a good cause for a few days...
I fail to see why either of you would want a worm. It's beyond my realm of comprehension.
 
Old 01-29-2004, 11:03 AM   #19
williamwbishop
Member
 
Registered: Feb 2003
Location: god's judge
Posts: 376

Rep: Reputation: 30
It's the purpose of the worm that is appealing. Getting rid of it is no problem.
 
Old 01-30-2004, 02:32 AM   #20
natalinasmpf
Member
 
Registered: Dec 2003
Distribution: Slackware 9.1
Posts: 309

Rep: Reputation: 30
Quote:
Originally posted by Chinaman
It's been removed from my comp, even out of /tmp, so I can't help in your quest. It won't actually do anything
in a Linux box anyway. Read the details in my post about 5 back, and post back when you understand why...

I don't understand why. Doesn't Wine have its own registry? Could it not follow it? Heck, perhaps it won't run on startup, but it doesn't matter since I can start and stop it as I like.
 
Old 01-30-2004, 10:50 AM   #21
Vincent_Vega
Member
 
Registered: Nov 2003
Location: Jacksonville, FL
Distribution: Slackware & Arch
Posts: 825

Rep: Reputation: 31
Why doesn't someone post the code so we can see what it's doing? Is it illegal to allow a virus to knowingly run on your computer? I think it might be, at least in the U.S.
I think it's pretty damn funny that there are people actually asking for a worm! I can understand your thinking but I wouldn't bother to contribute to something that affects normal people most of all. I had to clean four computers just yesterday of it, before I realized that I wouldn't mind reading through it some...

What's the status of the SCO Group and this lawsuit? Am I mistaken in thinking that I read that M$ is the second largest shareholder? Can anyone imagine what would happen if (when) M$ gets the legal rights to a majority of UNIX platforms??
 
Old 01-30-2004, 12:43 PM   #22
laceupboots
Member
 
Registered: Dec 2003
Location: Houston
Distribution: Knoppix,lenova yoga 3, Samsung s6 -android
Posts: 307

Rep: Reputation: 30
I think I'll just use Mandrake until they get rid of the worm.
 
Old 01-31-2004, 01:23 PM   #23
coolamit78
Member
 
Registered: Aug 2003
Location: New Delhi, India
Distribution: RHEL AS 3/4, Windows XP
Posts: 546

Rep: Reputation: 31
Well, if Mydoom has been developed to provide DoS against the SCO corp., I guess SCO website would be hosted on a Unix server... and since someone just said that this virus also includes a key logger... I think it may affect Linux systems too...

In fact, I posted a thread on the Linux - Software forum as my downloads were freezing after some time... I was trying to download skins from winamp.com and the latest version of xmms from xmms.org... and I tried at least 20 - 25 times... The downloads suddenly froze and immediately after that, even clicking the download link didn't have any effect... I tried different browsers, but nothing seemed to help...

And now today, the downloads have gone through well... I don't know what caused downloads to freeze... but yes, I had opened the Mydoom virus attachment file from my RedHat box... thinking that it wouldn't affect Linux...

I would like to know the experiences of everyone here with their Linux system's performance and internet surfing... Is it usual or did you notice something fishy...

Regards,

amit
 
Old 01-31-2004, 01:55 PM   #24
witeshark
Member
 
Registered: Jan 2004
Location: Miami FL
Distribution: Mac OS X 10.4.11 Ubuntu 12.04 LTS
Posts: 429

Original Poster
Rep: Reputation: 30
I know people that saw a bit of slowness on Thursday. I have seen nothing at all unusual - but I have only been on with the Mac. Symantec says Linux is unaffected. Did you see the attachment creating files? It's "hiding" in Kazaa as Winamp5, RootkitXP, Officecrack and Nuke2004. (Hoping for downloads of course) It creates these: %System%\Shimgapi.dll. Shimgapi.dll acts as a proxy server, opening TCP listening ports in the range of 3127 to 3198. (Back door setup) Also %Temp%\Message. This file contains random letters and is displayed using Doz Notepad.
%System%\Taskmon.exe. I'm not sure how this would actually function on a Linux box...
 
Old 01-31-2004, 05:57 PM   #25
zekko
Member
 
Registered: Aug 2003
Location: Canada
Distribution: Slackware, debian
Posts: 76

Rep: Reputation: 15
Quote:
You think these worms would get smarts, a smart worm would start and attack in like only hours after it was released, long before anyone could alert the world of a new worm, thus actually doing something that is meaningful, like DoS attack SCO and MS? (not really meaningful, but it is to the virus writers who are no doubt just out to hurt them)
Although this would be more of a surprise attack, I think the virus waits longer to get as many victims as possible. That way the DoS attack will be much bigger than if they launched it only a few hours after it was released.
 
Old 01-31-2004, 06:01 PM   #26
Squall
Member
 
Registered: Jan 2004
Location: The land of the free and the home of the brave
Distribution: Slack 10
Posts: 239

Rep: Reputation: 30
quote:
--------------------------------------------------------------------------------
When W32.Novarg.A@mm is executed, it does the following:

1. Creates the following files:
* %System%\Shimgapi.dll: Shimgapi.dll acts as a proxy server, opening TCP listening ports in the range of 3127 to 3198. The backdoor also has the ability to download and execute arbitrary files.
* %Temp%\Message: This file contains random letters and is displayed using Notepad.
* %System%\Taskmon.exe:

It will do absolutely nothing. First of all, DLLs can't operate in Linux, %SYSTEM% would have no value in Linux, none of the paths would work (MS uses backslashes) and lastly there are no .exe files in Linux. None of the mechanisms required to operate the virus are present. Hell, I doubt it could even damage WINE, so click away
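
The indicators quoted in the posts above (Shimgapi.dll and Taskmon.exe under %System%, TCP listeners on ports 3127 to 3198) can be checked on a Windows host. The following is an added example, not part of any post in this thread: it assumes the input is the text of `netstat -ano` plus a list of file paths, the function names are hypothetical, and the sample data is constructed.

```python
import re
from pathlib import PureWindowsPath

# Indicators exactly as quoted in the thread for W32.Novarg.A@mm.
BACKDOOR_PORTS = range(3127, 3199)               # TCP 3127..3198 inclusive
DROPPED_NAMES = {"shimgapi.dll", "taskmon.exe"}  # reported under %System%

# Matches a Windows "netstat -ano" TCP row in LISTENING state (IPv4 or [IPv6]).
_LISTEN = re.compile(
    r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING(?:\s+(\d+))?\s*$", re.I)

def listeners_in_backdoor_range(netstat_text):
    """Return (local_address, port, pid) for TCP listeners on 3127-3198."""
    hits = []
    for line in netstat_text.splitlines():
        m = _LISTEN.match(line)
        if m and int(m.group(2)) in BACKDOOR_PORTS:
            pid = int(m.group(3)) if m.group(3) else None
            hits.append((m.group(1), int(m.group(2)), pid))
    return hits

def dropped_files(paths, system_dir):
    """Return paths named like an indicator that sit directly in system_dir."""
    sysdir = PureWindowsPath(system_dir)
    return [str(PureWindowsPath(p)) for p in paths
            if PureWindowsPath(p).name.lower() in DROPPED_NAMES
            and PureWindowsPath(p).parent == sysdir]  # case-insensitive compare

# Constructed sample input (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING       1432
  TCP    10.0.0.5:3150          10.0.0.9:80            ESTABLISHED     2210
  TCP    0.0.0.0:3199           0.0.0.0:0              LISTENING       990
  UDP    0.0.0.0:3130           *:*                                    1100
"""
SAMPLE_FILES = [
    r"C:\WINDOWS\system32\SHIMGAPI.DLL",
    r"C:\WINDOWS\system32\notepad.exe",
    r"C:\Temp\taskmon.exe",
]

if __name__ == "__main__":
    for addr, port, pid in listeners_in_backdoor_range(SAMPLE_NETSTAT):
        print(f"listener in backdoor range: {addr}:{port} pid={pid}")
    for path in dropped_files(SAMPLE_FILES, r"C:\Windows\System32"):
        print(f"indicator file present: {path}")
```

A match is a lead for investigation rather than proof of infection; the PID column from `netstat -ano` identifies the process that owns the listener.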
 
Old 01-31-2004, 10:32 PM   #27
Bruce Hill
HCL Maintainer
 
Registered: Jun 2003
Location: McCalla, AL, USA
Distribution: Gentoo (all servers at work are openSUSE)
Posts: 6,938

Rep: Reputation: 128Reputation: 128
There you have it, natalinasmpf. Squall has it right, except for one thing - there are some executables in Linux, but still not what's necessary for this little kiddie's worm.
 
Old 02-01-2004, 03:20 AM   #28
natalinasmpf
Member
 
Registered: Dec 2003
Distribution: Slackware 9.1
Posts: 309

Rep: Reputation: 30
Quote:
It will do absolutely nothing. First of all, DLLs can't operate in Linux, %SYSTEM% would have no value in Linux, none of the paths would work (MS uses backslashes) and lastly there are no .exe files in Linux. None of the mechanisms required to operate the virus are present. Hell, I doubt it could even damage WINE, so click away
DLLs work under Wine.

%system% is a variable you can set in wineconfig.

The paths could work because Wine recognises them.

And .exe files can run under Wine. So there.

It just doesn't start at boot, WHICH IS A GOOD THING.
 
Old 02-01-2004, 12:23 PM   #29
Squall
Member
 
Registered: Jan 2004
Location: The land of the free and the home of the brave
Distribution: Slack 10
Posts: 239

Rep: Reputation: 30
A record is set at LQ

Quote:
Originally posted by natalinasmpf
DLLs work under Wine.

%system% is a variable you can set in wineconfig.

The paths could work because Wine recognises them.

And .exe files can run under Wine. So there.

It just doesn't start at boot, WHICH IS A GOOD THING.
Record Number 1-
Holy f***ing s***, someone actually agreed with me.

Record Number 2-
Holy f***ing s***, I think that I may actually now agree with natalinasmpf. I'm no expert in WINE, so I'm going to assume that you're right.
 
Old 02-01-2004, 05:10 PM   #30
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
I'm not an expert in WINE, but from my understanding a Windows virus shouldn't work under WINE. Because WINE is a re-write of the Windows API, the underlying code isn't going to be identical which causes some problems with Windows viruses. The only actual test I've seen was someone testing out Sobig.F on WINE, which just caused it to crash, but didn't actually infect the WINE filesystem or do any of the mass-mailing nastiness. Though it is feasible for someone to write a virus which is "WINE-aware" and upon virus execution, it does a check (of Registry Keys or whatever) to see if the OS is truly Windows or if it's WINE, in which case it would run a modified WINE-specific subroutine.

Another problem with that theory. Just because WINE is supposed to be similar to Windows, doesn't mean that programs running under WINE can somehow throw all the standard Linux permissions out the window and do whatever they like. User level permissions shouldn't allow it to do things like use raw sockets or modify Linux system files. Again, I'm not a WINE expert, but I believe at the very worst it may corrupt the WINE install, but I don't think it could seriously damage the Linux OS. From the tests I've seen of malicious code run in WINE, that seems to be the case as well.
 
  

